On Thu, 2007-11-08 at 22:17 +0000, Bradley Kite wrote:
> On 08/11/2007, Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
[...]
> > Perhaps do some logging (-j LOG) or check the counters on the various
> > chains.
> >
> > # iptables -t nat -L -v -n
>
> Hmm. The pre-routing counters are increasing, but that is all. When I
> ping from the router then the post-routing counters increase (because
> it's directly connected).

Is your rp_filter getting in the way?

# cat /proc/sys/net/ipv4/conf/eth1/rp_filter

If this returns 1, then:

# echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter

Of course setting it in /etc/sysctl.conf for reboots.

--
Matt Zagrabelny - mzagrabe@xxxxxxxxx - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
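An added example, not part of the original message: a shell audit of the rp_filter setting discussed above, reporting the value that actually applies to each interface. It assumes a current kernel, where the larger of conf/all/rp_filter and conf/<iface>/rp_filter is used for source validation on that interface; CONF_ROOT and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the reverse-path filter mode in force per interface.
# CONF_ROOT is a hypothetical override so the functions can read a test tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the raw rp_filter value of one conf entry (all, default, eth1, ...).
rp_raw() {
    f="$CONF_ROOT/$1/rp_filter"
    [ -r "$f" ] || return 1
    tr -d '[:space:]' < "$f"
}

# Print the value applied on the interface: max(conf/all, conf/<iface>).
# Assumption: current kernel semantics, as described in the lead-in.
rp_effective() {
    all=$(rp_raw all) || return 1
    ifv=$(rp_raw "$1") || return 1
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

# Translate the numeric value into the mode it selects.
rp_mode() {
    case "$1" in
        0) echo "off" ;;      # no source validation
        1) echo "strict" ;;   # reply path must use the receiving interface
        2) echo "loose" ;;    # source must be reachable via any interface
        *) echo "unknown" ;;
    esac
}

# One line per interface: name, per-interface value, effective value, mode.
rp_report() {
    for d in "$CONF_ROOT"/*/; do
        i=$(basename "$d")
        case "$i" in all|default) continue ;; esac
        eff=$(rp_effective "$i") || continue
        echo "$i iface=$(rp_raw "$i") effective=$eff mode=$(rp_mode "$eff")"
    done
}

rp_report
```

If an interface shows iface=0 but effective=1, conf/all is still enforcing strict mode, so writing 0 to the per-interface file alone changes nothing.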