On 08/11/2007, Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
>
> On Thu, 2007-11-08 at 22:17 +0000, Bradley Kite wrote:
> > On 08/11/2007, Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
>
> [...]
>
> > > Perhaps do some logging (-j LOG) or check the counters on the various
> > > chains.
> > >
> > > # iptables -t nat -L -v -n
> >
> > Hmm. The pre-routing counters are increasing, but that is all. When I
> > ping from the router then the post-routing counters increase (because
> > it's directly connected).
>
> Is your rp_filter getting in the way?
>
> # cat /proc/sys/net/ipv4/conf/eth1/rp_filter
>
> If this returns 1, then:
>
> # echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
>
> Of course setting it in /etc/sysctl.conf for reboots.
>
> --

I tried this with the same results I'm afraid.

If I cannot get this working then I'll have to make the upstream router do NAT too so that the entire network is seen from the address of the up-stream router - as Linux is NATing that address without problems.

Or maybe I'll try a kernel upgrade to see if that makes any difference.

Many thanks for your help.

--
Brad.
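Added example, not part of the thread: a way to make the counter check discussed above repeatable by diffing two saved snapshots of `iptables -t nat -L -v -n -x` and reporting whether new connections reach PREROUTING but never POSTROUTING. The snapshot text, addresses, counts and the function names `chain_total` and `nat_verdict` are constructed for illustration; only `eth1` comes from the thread.

```shell
#!/bin/sh
# Constructed sample snapshots (not real output from the poster's router).
# Assumes -x (exact counters), so values are plain integers, not "12K".
BEFORE='Chain PREROUTING (policy ACCEPT 100 packets, 8400 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 40 packets, 3360 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       7      588 SNAT       all  --  *      eth1    192.168.1.0/24       0.0.0.0/0            to:10.0.0.2'

AFTER='Chain PREROUTING (policy ACCEPT 112 packets, 9408 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 40 packets, 3360 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       7      588 SNAT       all  --  *      eth1    192.168.1.0/24       0.0.0.0/0            to:10.0.0.2'

# chain_total SNAPSHOT CHAIN
# Packets seen by CHAIN = policy counter + every rule counter in that chain.
# (The policy counter only counts packets that matched no terminating rule;
# a non-terminating target such as LOG would count the same packet twice.)
chain_total() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        $1 == "Chain"   { cur = $2; if ($3 == "(policy") sum[cur] += $5; next }
        $1 ~ /^[0-9]+$/ { sum[cur] += $1 }   # rule line: first column is pkts
        END             { print sum[chain] + 0 }'
}

# nat_verdict BEFORE AFTER
# In the nat table only the first packet of each connection is counted,
# so the deltas are new connections, not total traffic.
nat_verdict() {
    pre=$(( $(chain_total "$2" PREROUTING) - $(chain_total "$1" PREROUTING) ))
    post=$(( $(chain_total "$2" POSTROUTING) - $(chain_total "$1" POSTROUTING) ))
    if [ "$pre" -gt 0 ] && [ "$post" -eq 0 ]; then
        # Arrives but never leaves: lost between the two hooks
        # (routing decision, rp_filter, forwarding).
        echo "stalled: +$pre PREROUTING, +0 POSTROUTING"
    elif [ "$pre" -gt 0 ]; then
        echo "flowing: +$pre PREROUTING, +$post POSTROUTING"
    else
        echo "idle: no new connections seen"
    fi
}

nat_verdict "$BEFORE" "$AFTER"
```

On a live router the two arguments would be captured a few seconds apart, for example with `BEFORE=$(iptables -t nat -L -v -n -x)`.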