Artūras Šlajus wrote:
> Hello fellow netfilter users,
>
> I have a strange problem and I think I should blame my ISP for that...
>
> Recently I lost connectivity to some sites (i.e. digg.com, yahoo). The
> best part is that I can regain connectivity by clearing out all the
> rules from iptables.
>
> So if I have empty chains - I can connect to digg. After I add one rule:
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE
>
> (or SNAT, doesn't make a difference)

I very much doubt it's your ISP. Maybe the
one-sided NAT does not usually work very well. Try adding both the
symmetrical sides at once:

SNAT on the outbound request packets

  iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j SNAT ...

MASQUERADE on the inbound reply packets

  iptables -t nat -A PREROUTING -d 192.168.0.0/16 -j MASQUERADE

AYJ