Part of our router setup accepts UDP packets from eth0 and load balances them across two uplinks (ppp0, ppp1). Tracking of these packets is turned off and the packets are marked:

$IPTABLES -t raw -A PREROUTING -i eth0 -p udp --sport $PORT -j NOTRACK
$IPTABLES -t mangle -A PREROUTING -p udp --sport $PORT -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 1
$IPTABLES -t mangle -A PREROUTING -p udp --sport $PORT -m statistic --mode nth --every 2 --packet 1 -j MARK --set-mark 2

As the UDP packets go out each uplink, stateless NAT is used to change the source IP address:

$TC filter add dev ppp0 parent 1:0 protocol ip prio 1 \
    handle 1 fw flowid 1:1 action nat egress $SOURCEIP/32 $UPLINK1IP
$TC filter add dev ppp1 parent 1:0 protocol ip prio 1 \
    handle 2 fw flowid 1:1 action nat egress $SOURCEIP/32 $UPLINK2IP

The routing and NAT'ing all works. The problem is the IP ID field is being modified. The incoming packets on eth0 have sequential sequence numbers:

# tcpdump -v -i eth0
16:25:58.017870 IP (tos 0x0, ttl 64, id 5493, offset 0, flags [none], proto UDP (17), length 62)
    192.168.0.108.6970 > 64-52-169-242.client.cypresscom.net.6982: UDP, length 34
16:25:58.099780 IP (tos 0x0, ttl 64, id 5494, offset 0, flags [none], proto UDP (17), length 929)
    192.168.0.108.6970 > 64-52-169-242.client.cypresscom.net.6982: UDP, length 901
16:25:58.217380 IP (tos 0x0, ttl 64, id 5495, offset 0, flags [none], proto UDP (17), length 62)
    192.168.0.108.6970 > 64-52-169-242.client.cypresscom.net.6982: UDP, length 34

The IP ID fields on outgoing packets are non-sequential and do not match the original eth0 value:

# tcpdump -v -i ppp0
16:24:54.129697 IP (tos 0x0, ttl 63, id 4723, offset 0, flags [none], proto UDP (17), length 1055)
    173-6-220-85.pools.spcsdns.net.6970 > 64-52-169-242.client.cypresscom.net.6982: UDP, length 1027
16:24:54.147383 IP (tos 0x0, ttl 63, id 4725, offset 0, flags [none], proto UDP (17), length 1108)
    173-6-220-85.pools.spcsdns.net.6970 > 64-52-169-242.client.cypresscom.net.6982: UDP, length 1080
16:24:54.171998 IP (tos 0x0, ttl 63, id 4727, offset 0, flags [none], proto UDP (17), length 1478)
    173-6-220-85.pools.spcsdns.net.6970 > 64-52-169-242.client.cypresscom.net.6982: UDP, length 1450

# tcpdump -v -i ppp1
16:25:02.046107 IP (tos 0x0, ttl 63, id 3633, offset 0, flags [none], proto UDP (17), length 681)
    173-102-123-15.pools.spcsdns.net.6970 > 64-52-169-242.client.cypresscom.net.6982: UDP, length 653
16:25:02.057691 IP (tos 0x0, ttl 63, id 3635, offset 0, flags [none], proto UDP (17), length 772)
    173-102-123-15.pools.spcsdns.net.6970 > 64-52-169-242.client.cypresscom.net.6982: UDP, length 744
16:25:02.069756 IP (tos 0x0, ttl 63, id 3637, offset 0, flags [none], proto UDP (17), length 739)
    173-102-123-15.pools.spcsdns.net.6970 > 64-52-169-242.client.cypresscom.net.6982: UDP, length 711

Can someone tell me what is changing the IP ID field and how to prevent that?

Thanks.
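
One way to check the IP ID behaviour described above from captures, as an added example that is not part of the original post: it parses tcpdump -v header lines, lists the gaps between consecutive IP IDs, and counts egress packets whose ID also appears in the eth0 capture. The sample lines, addresses and function names are constructed for illustration, and the comparison assumes the captures on all interfaces cover the same packets.

```python
import re

# Header line of `tcpdump -v` IPv4 output, in the format quoted in the post.
HDR = re.compile(r"^\d\d:\d\d:\d\d\.\d+ IP \(.*?\bid (\d+),.*?\blength (\d+)\)")

def parse(capture):
    """Return [(ip_id, ip_total_length)] in capture order."""
    found = (HDR.match(line.strip()) for line in capture.splitlines())
    return [(int(m.group(1)), int(m.group(2))) for m in found if m]

def strides(pkts):
    """Gaps between consecutive IP IDs, modulo 2**16 (the field is 16 bits wide)."""
    ids = [i for i, _ in pkts]
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]

def compare(ingress, egress):
    """Count egress packets whose (id, length) matches ingress ('preserved'),
    whose length matches under another id ('rewritten', a heuristic that needs
    distinct lengths), or that match nothing ('unmatched')."""
    seen, lengths = set(ingress), {l for _, l in ingress}
    counts = {"preserved": 0, "rewritten": 0, "unmatched": 0}
    for pkt in egress:
        key = "preserved" if pkt in seen else "rewritten" if pkt[1] in lengths else "unmatched"
        counts[key] += 1
    return counts

def sample(ttl, src, pkts):
    """Build constructed tcpdump -v lines (not captured traffic)."""
    return "\n".join(
        f"10:00:00.{n:06d} IP (tos 0x0, ttl {ttl}, id {i}, offset 0, flags [none], "
        f"proto UDP (17), length {l}) {src}.6970 > 198.51.100.7.6982: UDP, length {l - 28}"
        for n, (i, l) in enumerate(pkts))

# Constructed captures; all addresses are documentation ranges.
ETH0 = sample(64, "192.0.2.10", [(65534, 62), (65535, 929), (0, 70), (1, 681)])
PPP0 = sample(63, "203.0.113.1", [(65534, 62), (0, 70)])      # IDs carried through
PPP1 = sample(63, "203.0.113.2", [(4725, 929), (4727, 681)])  # IDs replaced

if __name__ == "__main__":
    eth0 = parse(ETH0)
    for dev, cap in (("ppp0", PPP0), ("ppp1", PPP1)):
        pkts = parse(cap)
        print(dev, compare(eth0, pkts), "strides:", strides(pkts))
```

With the every-2 split from the post, a source that increments the ID by one per packet in this flow shows a gap of 2 on each uplink when the ID is carried through unchanged.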