Ivan Petrushev wrote:
One think I can come with is TTL limiting (largely known here where I
live). Try pinging these "troubling" sites from your home gateway and
see if TTL is 1 or 2 or some bigger value.
I don't quite understand what are you saying? TTL too small and expires in path?
TTL too big and gets filtered some how?
And one other thing - you said these sites disappear, but I didin't
understood where from are you testing? From the home gateway or from
the NATed boxes behind it?
From both sites..
Could you add SNAT rule for non-existant box (IP that is not present
on your network, like 192.168.0.200) and see if these sites work.
And one other thing - /16 ? Do you really have such big network? :)
No, but I have a lot of dumbass users who love to set static ips to ones that
servers use :)) And I doubt that this is the problem...
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html