Re: Re: bonding-related problem with DNAT/SNAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks Richard, that's a very good hint.

Full info:

A.A.A.A = public IP
X.X.y.y = internal Host #1
X.X.y.g = default gateway for Host #1
X.X.z.z = internal Host #2 (different subnet)
L.L.L.L = Host from which I'm logged in (we don't want to trace that one)

Bonding Setup:
modprobe bonding arp_interval=3000 arp_ip_target=X.X.y.g mode=active-backup primary=eth0
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
ifconfig bond0 X.X.y.y
ifenslave bond0 eth0
ifenslave bond0 eth1
route add default gw X.X.y.g

What I'm trying:
Internet ----> Host #1 -----> Host #2
A.A.A.A -----> X.X.y.y -----> X.X.z.z

- Host #1 gets the traffic from the Internet and changes the source via SNAT rule to itself.
- Host #1 uses DNAT to redirect traffic to host #2.
- Host #2 will send the answer to host #1, which will sent it back to the internet again.


bonding config iptables-save:

# Generated by iptables-save v1.4.3.2 on Wed Dec  2 15:06:04 2009
*raw
:PREROUTING ACCEPT [485:37520]
:OUTPUT ACCEPT [403:61395]
-A PREROUTING ! -s L.L.L.L/32 -j TRACE 
COMMIT
# Completed on Wed Dec  2 15:06:04 2009
# Generated by iptables-save v1.4.3.2 on Wed Dec  2 15:06:04 2009
*nat
:PREROUTING ACCEPT [69:5631]
:POSTROUTING ACCEPT [5:370]
:OUTPUT ACCEPT [5:370]
-A PREROUTING -s A.A.A.A/32 -d X.X.y.y/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination X.X.z.z:443 
-A POSTROUTING -d X.X.z.z/32 -p tcp -j SNAT --to-source X.X.y.y 
COMMIT
# Completed on Wed Dec  2 15:06:04 2009
# Generated by iptables-save v1.4.3.2 on Wed Dec  2 15:06:04 2009
*mangle
:PREROUTING ACCEPT [502:38404]
:INPUT ACCEPT [486:37084]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [425:64219]
:POSTROUTING ACCEPT [425:64219]
-A PREROUTING -s A.A.A.A/32 -d X.X.y.y/32 -p tcp -m tcp --dport 443 -j ACCEPT 
COMMIT
# Completed on Wed Dec  2 15:06:04 2009
# Generated by iptables-save v1.4.3.2 on Wed Dec  2 15:06:04 2009
*filter
:INPUT ACCEPT [488:37188]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [428:64759]
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT 
-A FORWARD -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT 
-A FORWARD -m state --state INVALID -j LOG 
COMMIT
# Completed on Wed Dec  2 15:06:04 2009

Trace, trying to connect from public IP A.A.A.A to X.X.y.y, Port 443, you see several connection attempts, which fail:

Dec  2 15:06:30 s442 [  198.462763] TRACE: raw:PREROUTING:policy:2 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32103 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F778C9D0000000001030306) 
Dec  2 15:06:30 s442 [  198.462840] TRACE: mangle:PREROUTING:rule:1 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32103 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F778C9D0000000001030306) 
Dec  2 15:06:30 s442 [  198.462895] TRACE: nat:PREROUTING:rule:1 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32103 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F778C9D0000000001030306) 
Dec  2 15:06:30 s442 [  198.462969] TRACE: mangle:FORWARD:policy:1 IN=bond0 OUT=bond0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=32103 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F778C9D0000000001030306) 
Dec  2 15:06:30 s442 [  198.463010] TRACE: filter:FORWARD:policy:5 IN=bond0 OUT=bond0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=32103 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F778C9D0000000001030306) 

Dec  2 15:06:33 s442 [  201.460970] TRACE: raw:PREROUTING:policy:2 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32104 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F7798550000000001030306) 
Dec  2 15:06:33 s442 [  201.461045] TRACE: mangle:PREROUTING:rule:1 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32104 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F7798550000000001030306) 
Dec  2 15:06:33 s442 [  201.461100] TRACE: nat:PREROUTING:rule:1 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32104 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F7798550000000001030306) 
Dec  2 15:06:33 s442 [  201.461160] TRACE: mangle:FORWARD:policy:1 IN=bond0 OUT=bond0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=32104 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F7798550000000001030306) 
Dec  2 15:06:33 s442 [  201.461201] TRACE: filter:FORWARD:policy:5 IN=bond0 OUT=bond0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=32104 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F7798550000000001030306) 

Dec  2 15:06:39 s442 [  207.461700] TRACE: raw:PREROUTING:policy:2 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32105 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F77AFC50000000001030306) 
Dec  2 15:06:39 s442 [  207.461779] TRACE: mangle:PREROUTING:rule:1 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32105 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F77AFC50000000001030306) 
Dec  2 15:06:39 s442 [  207.461834] TRACE: nat:PREROUTING:rule:1 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32105 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F77AFC50000000001030306) 
Dec  2 15:06:39 s442 [  207.461894] TRACE: mangle:FORWARD:policy:1 IN=bond0 OUT=bond0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=32105 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F77AFC50000000001030306) 
Dec  2 15:06:39 s442 [  207.461935] TRACE: filter:FORWARD:policy:5 IN=bond0 OUT=bond0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=32105 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F77AFC50000000001030306) 

Dec  2 15:06:51 s442 [  219.462831] TRACE: raw:PREROUTING:policy:2 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32106 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F77DEA50000000001030306) 
Dec  2 15:06:51 s442 [  219.462906] TRACE: mangle:PREROUTING:rule:1 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32106 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F77DEA50000000001030306) 
Dec  2 15:06:51 s442 [  219.462961] TRACE: nat:PREROUTING:rule:1 IN=bond0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=32106 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F77DEA50000000001030306) 
Dec  2 15:06:51 s442 [  219.463021] TRACE: mangle:FORWARD:policy:1 IN=bond0 OUT=bond0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=32106 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F77DEA50000000001030306) 
Dec  2 15:06:51 s442 [  219.463061] TRACE: filter:FORWARD:policy:5 IN=bond0 OUT=bond0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=32106 DF PROTO=TCP SPT=29901 DPT=443 SEQ=2738448188 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F77DEA50000000001030306)



Normal config, using eth0, iptables-save:

# Generated by iptables-save v1.4.3.2 on Wed Dec  2 14:55:14 2009
*raw
:PREROUTING ACCEPT [3979:292611]
:OUTPUT ACCEPT [3134:484757]
-A PREROUTING ! -s L.L.L.L/32 -j TRACE 
COMMIT
# Completed on Wed Dec  2 14:55:14 2009
# Generated by iptables-save v1.4.3.2 on Wed Dec  2 14:55:14 2009
*nat
:PREROUTING ACCEPT [513:38150]
:POSTROUTING ACCEPT [108:7948]
:OUTPUT ACCEPT [108:7948]
-A PREROUTING -s A.A.A.A/32 -d X.X.y.y/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination X.X.z.z:443 
-A POSTROUTING -d X.X.z.z/32 -p tcp -j SNAT --to-source X.X.y.y 
COMMIT
# Completed on Wed Dec  2 14:55:14 2009
# Generated by iptables-save v1.4.3.2 on Wed Dec  2 14:55:14 2009
*mangle
:PREROUTING ACCEPT [3966:291338]
:INPUT ACCEPT [3946:287226]
:FORWARD ACCEPT [24:4787]
:OUTPUT ACCEPT [3138:485333]
:POSTROUTING ACCEPT [3162:490120]
-A PREROUTING -s A.A.A.A/32 -d X.X.y.y/32 -p tcp -m tcp --dport 443 -j ACCEPT 
COMMIT
# Completed on Wed Dec  2 14:55:14 2009
# Generated by iptables-save v1.4.3.2 on Wed Dec  2 14:55:14 2009
*filter
:INPUT ACCEPT [3950:287434]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [3140:486493]
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT 
-A FORWARD -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT 
-A FORWARD -m state --state INVALID -j LOG 
COMMIT
# Completed on Wed Dec  2 14:55:14 2009

works fine:
Dec 2 14:55:47 s442 [ 5347.645177] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=41 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902510 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F6DBCA60000000001030306) 
Dec  2 14:55:47 s442 [ 5347.645247] TRACE: mangle:PREROUTING:rule:1 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=41 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902510 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F6DBCA60000000001030306) 
Dec  2 14:55:47 s442 [ 5347.645302] TRACE: nat:PREROUTING:rule:1 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=41 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902510 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F6DBCA60000000001030306) 
Dec  2 14:55:47 s442 [ 5347.645361] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=41 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902510 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F6DBCA60000000001030306) 
Dec  2 14:55:47 s442 [ 5347.645400] TRACE: filter:FORWARD:rule:2 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=41 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902510 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F6DBCA60000000001030306) 
Dec  2 14:55:47 s442 [ 5347.645439] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=41 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902510 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F6DBCA60000000001030306) 
Dec  2 14:55:47 s442 [ 5347.645478] TRACE: nat:POSTROUTING:rule:1 IN= OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=41 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902510 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405760402080A1F6DBCA60000000001030306) 
Dec  2 14:55:47 s442 [ 5347.645632] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523747 ACK=2706902511 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080A32165DEC1F6DBCA601030302) 
Dec  2 14:55:47 s442 [ 5347.645706] TRACE: mangle:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523747 ACK=2706902511 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080A32165DEC1F6DBCA601030302) 
Dec  2 14:55:47 s442 [ 5347.645763] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523747 ACK=2706902511 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080A32165DEC1F6DBCA601030302) 
Dec  2 14:55:47 s442 [ 5347.645802] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523747 ACK=2706902511 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080A32165DEC1F6DBCA601030302) 
Dec  2 14:55:47 s442 [ 5347.645842] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523747 ACK=2706902511 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080A32165DEC1F6DBCA601030302) 
Dec  2 14:55:47 s442 [ 5347.712607] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=42 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902511 ACK=3773523748 WINDOW=92 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBCEB32165DEC) 
Dec  2 14:55:47 s442 [ 5347.712666] TRACE: mangle:PREROUTING:rule:1 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=42 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902511 ACK=3773523748 WINDOW=92 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBCEB32165DEC) 
Dec  2 14:55:47 s442 [ 5347.712718] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=42 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902511 ACK=3773523748 WINDOW=92 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBCEB32165DEC) 
Dec  2 14:55:47 s442 [ 5347.712753] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=42 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902511 ACK=3773523748 WINDOW=92 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBCEB32165DEC) 
Dec  2 14:55:47 s442 [ 5347.712787] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=42 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902511 ACK=3773523748 WINDOW=92 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBCEB32165DEC) 
Dec  2 14:55:47 s442 [ 5347.713586] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=182 TOS=0x00 PREC=0x00 TTL=55 ID=43 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902511 ACK=3773523748 WINDOW=92 RES=0x00 ACK PSH URGP=0 OPT (0101080A1F6DBCEB32165DEC) 
Dec  2 14:55:47 s442 [ 5347.713645] TRACE: mangle:PREROUTING:rule:1 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=182 TOS=0x00 PREC=0x00 TTL=55 ID=43 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902511 ACK=3773523748 WINDOW=92 RES=0x00 ACK PSH URGP=0 OPT (0101080A1F6DBCEB32165DEC) 
Dec  2 14:55:47 s442 [ 5347.713695] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=182 TOS=0x00 PREC=0x00 TTL=54 ID=43 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902511 ACK=3773523748 WINDOW=92 RES=0x00 ACK PSH URGP=0 OPT (0101080A1F6DBCEB32165DEC) 
Dec  2 14:55:47 s442 [ 5347.713730] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=182 TOS=0x00 PREC=0x00 TTL=54 ID=43 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902511 ACK=3773523748 WINDOW=92 RES=0x00 ACK PSH URGP=0 OPT (0101080A1F6DBCEB32165DEC) 
Dec  2 14:55:47 s442 [ 5347.713764] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=182 TOS=0x00 PREC=0x00 TTL=54 ID=43 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902511 ACK=3773523748 WINDOW=92 RES=0x00 ACK PSH URGP=0 OPT (0101080A1F6DBCEB32165DEC) 
Dec  2 14:55:47 s442 [ 5347.713904] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=15064 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523748 ACK=2706902641 WINDOW=1716 RES=0x00 ACK URGP=0 OPT (0101080A32165DFD1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.713944] TRACE: mangle:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=15064 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523748 ACK=2706902641 WINDOW=1716 RES=0x00 ACK URGP=0 OPT (0101080A32165DFD1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.713980] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=15064 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523748 ACK=2706902641 WINDOW=1716 RES=0x00 ACK URGP=0 OPT (0101080A32165DFD1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.714018] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=15064 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523748 ACK=2706902641 WINDOW=1716 RES=0x00 ACK URGP=0 OPT (0101080A32165DFD1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.714043] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=15064 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523748 ACK=2706902641 WINDOW=1716 RES=0x00 ACK URGP=0 OPT (0101080A32165DFD1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.718566] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=1438 TOS=0x00 PREC=0x00 TTL=63 ID=15065 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523748 ACK=2706902641 WINDOW=1716 RES=0x00 ACK URGP=0 OPT (0101080A32165DFE1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.718621] TRACE: mangle:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=1438 TOS=0x00 PREC=0x00 TTL=63 ID=15065 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523748 ACK=2706902641 WINDOW=1716 RES=0x00 ACK URGP=0 OPT (0101080A32165DFE1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.718672] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=1438 TOS=0x00 PREC=0x00 TTL=62 ID=15065 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523748 ACK=2706902641 WINDOW=1716 RES=0x00 ACK URGP=0 OPT (0101080A32165DFE1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.718705] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=1438 TOS=0x00 PREC=0x00 TTL=62 ID=15065 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523748 ACK=2706902641 WINDOW=1716 RES=0x00 ACK URGP=0 OPT (0101080A32165DFE1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.718739] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=1438 TOS=0x00 PREC=0x00 TTL=62 ID=15065 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773523748 ACK=2706902641 WINDOW=1716 RES=0x00 ACK URGP=0 OPT (0101080A32165DFE1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.718781] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=92 TOS=0x00 PREC=0x00 TTL=63 ID=15066 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525134 ACK=2706902641 WINDOW=1716 RES=0x00 ACK PSH URGP=0 OPT (0101080A32165DFE1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.718831] TRACE: mangle:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=92 TOS=0x00 PREC=0x00 TTL=63 ID=15066 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525134 ACK=2706902641 WINDOW=1716 RES=0x00 ACK PSH URGP=0 OPT (0101080A32165DFE1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.718880] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=92 TOS=0x00 PREC=0x00 TTL=62 ID=15066 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525134 ACK=2706902641 WINDOW=1716 RES=0x00 ACK PSH URGP=0 OPT (0101080A32165DFE1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.718914] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=92 TOS=0x00 PREC=0x00 TTL=62 ID=15066 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525134 ACK=2706902641 WINDOW=1716 RES=0x00 ACK PSH URGP=0 OPT (0101080A32165DFE1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.718948] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=92 TOS=0x00 PREC=0x00 TTL=62 ID=15066 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525134 ACK=2706902641 WINDOW=1716 RES=0x00 ACK PSH URGP=0 OPT (0101080A32165DFE1F6DBCEB) 
Dec  2 14:55:47 s442 [ 5347.809255] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=44 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525134 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBD4B32165DFE) 
Dec  2 14:55:47 s442 [ 5347.809310] TRACE: mangle:PREROUTING:rule:1 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=44 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525134 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBD4B32165DFE) 
Dec  2 14:55:47 s442 [ 5347.809361] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=44 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525134 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBD4B32165DFE) 
Dec  2 14:55:47 s442 [ 5347.809395] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=44 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525134 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBD4B32165DFE) 
Dec  2 14:55:47 s442 [ 5347.809428] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=44 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525134 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBD4B32165DFE) 
Dec  2 14:55:47 s442 [ 5347.809722] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=45 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525174 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBD4B32165DFE) 
Dec  2 14:55:47 s442 [ 5347.809774] TRACE: mangle:PREROUTING:rule:1 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=45 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525174 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBD4B32165DFE) 
Dec  2 14:55:47 s442 [ 5347.809822] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=45 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525174 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBD4B32165DFE) 
Dec  2 14:55:47 s442 [ 5347.809855] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=45 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525174 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBD4B32165DFE) 
Dec  2 14:55:47 s442 [ 5347.809888] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=45 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525174 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBD4B32165DFE) 
Dec  2 14:55:47 s442 [ 5347.823692] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=250 TOS=0x00 PREC=0x00 TTL=55 ID=46 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525174 WINDOW=137 RES=0x00 ACK PSH URGP=0 OPT (0101080A1F6DBD5932165DFE) 
Dec  2 14:55:47 s442 [ 5347.823748] TRACE: mangle:PREROUTING:rule:1 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=250 TOS=0x00 PREC=0x00 TTL=55 ID=46 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525174 WINDOW=137 RES=0x00 ACK PSH URGP=0 OPT (0101080A1F6DBD5932165DFE) 
Dec  2 14:55:47 s442 [ 5347.823801] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=250 TOS=0x00 PREC=0x00 TTL=54 ID=46 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525174 WINDOW=137 RES=0x00 ACK PSH URGP=0 OPT (0101080A1F6DBD5932165DFE) 
Dec  2 14:55:47 s442 [ 5347.823836] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=250 TOS=0x00 PREC=0x00 TTL=54 ID=46 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525174 WINDOW=137 RES=0x00 ACK PSH URGP=0 OPT (0101080A1F6DBD5932165DFE) 
Dec  2 14:55:47 s442 [ 5347.823870] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=250 TOS=0x00 PREC=0x00 TTL=54 ID=46 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902641 ACK=3773525174 WINDOW=137 RES=0x00 ACK PSH URGP=0 OPT (0101080A1F6DBD5932165DFE) 
Dec  2 14:55:47 s442 [ 5347.827586] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=111 TOS=0x00 PREC=0x00 TTL=63 ID=15067 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525174 ACK=2706902839 WINDOW=1984 RES=0x00 ACK PSH URGP=0 OPT (0101080A32165E191F6DBD59) 
Dec  2 14:55:47 s442 [ 5347.827641] TRACE: mangle:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=111 TOS=0x00 PREC=0x00 TTL=63 ID=15067 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525174 ACK=2706902839 WINDOW=1984 RES=0x00 ACK PSH URGP=0 OPT (0101080A32165E191F6DBD59) 
Dec  2 14:55:47 s442 [ 5347.827692] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=111 TOS=0x00 PREC=0x00 TTL=62 ID=15067 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525174 ACK=2706902839 WINDOW=1984 RES=0x00 ACK PSH URGP=0 OPT (0101080A32165E191F6DBD59) 
Dec  2 14:55:47 s442 [ 5347.827726] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=111 TOS=0x00 PREC=0x00 TTL=62 ID=15067 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525174 ACK=2706902839 WINDOW=1984 RES=0x00 ACK PSH URGP=0 OPT (0101080A32165E191F6DBD59) 
Dec  2 14:55:47 s442 [ 5347.827761] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=111 TOS=0x00 PREC=0x00 TTL=62 ID=15067 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525174 ACK=2706902839 WINDOW=1984 RES=0x00 ACK PSH URGP=0 OPT (0101080A32165E191F6DBD59) 
Dec  2 14:55:47 s442 [ 5347.914519] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=47 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902839 ACK=3773525233 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBDB432165E19) 
Dec  2 14:55:47 s442 [ 5347.914575] TRACE: mangle:PREROUTING:rule:1 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=47 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902839 ACK=3773525233 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBDB432165E19) 
Dec  2 14:55:47 s442 [ 5347.914626] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=47 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902839 ACK=3773525233 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBDB432165E19) 
Dec  2 14:55:47 s442 [ 5347.914660] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=47 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902839 ACK=3773525233 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBDB432165E19) 
Dec  2 14:55:47 s442 [ 5347.914693] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=47 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902839 ACK=3773525233 WINDOW=137 RES=0x00 ACK URGP=0 OPT (0101080A1F6DBDB432165E19) 
Dec  2 14:55:50 s442 [ 5350.070496] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=48 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902839 ACK=3773525233 WINDOW=137 RES=0x00 ACK FIN URGP=0 OPT (0101080A1F6DC62032165E19) 
Dec  2 14:55:50 s442 [ 5350.070561] TRACE: mangle:PREROUTING:rule:1 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=48 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902839 ACK=3773525233 WINDOW=137 RES=0x00 ACK FIN URGP=0 OPT (0101080A1F6DC62032165E19) 
Dec  2 14:55:50 s442 [ 5350.070614] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=48 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902839 ACK=3773525233 WINDOW=137 RES=0x00 ACK FIN URGP=0 OPT (0101080A1F6DC62032165E19) 
Dec  2 14:55:50 s442 [ 5350.070649] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=48 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902839 ACK=3773525233 WINDOW=137 RES=0x00 ACK FIN URGP=0 OPT (0101080A1F6DC62032165E19) 
Dec  2 14:55:50 s442 [ 5350.070683] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=48 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902839 ACK=3773525233 WINDOW=137 RES=0x00 ACK FIN URGP=0 OPT (0101080A1F6DC62032165E19) 
Dec  2 14:55:50 s442 [ 5350.070860] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=89 TOS=0x00 PREC=0x00 TTL=63 ID=15068 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525233 ACK=2706902840 WINDOW=1984 RES=0x00 ACK PSH URGP=0 OPT (0101080A3216604A1F6DC620) 
Dec  2 14:55:50 s442 [ 5350.070912] TRACE: mangle:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=89 TOS=0x00 PREC=0x00 TTL=63 ID=15068 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525233 ACK=2706902840 WINDOW=1984 RES=0x00 ACK PSH URGP=0 OPT (0101080A3216604A1F6DC620) 
Dec  2 14:55:50 s442 [ 5350.070962] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=89 TOS=0x00 PREC=0x00 TTL=62 ID=15068 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525233 ACK=2706902840 WINDOW=1984 RES=0x00 ACK PSH URGP=0 OPT (0101080A3216604A1F6DC620) 
Dec  2 14:55:50 s442 [ 5350.070996] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=89 TOS=0x00 PREC=0x00 TTL=62 ID=15068 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525233 ACK=2706902840 WINDOW=1984 RES=0x00 ACK PSH URGP=0 OPT (0101080A3216604A1F6DC620) 
Dec  2 14:55:50 s442 [ 5350.071043] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=89 TOS=0x00 PREC=0x00 TTL=62 ID=15068 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525233 ACK=2706902840 WINDOW=1984 RES=0x00 ACK PSH URGP=0 OPT (0101080A3216604A1F6DC620) 
Dec  2 14:55:50 s442 [ 5350.071085] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=15069 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525270 ACK=2706902840 WINDOW=1984 RES=0x00 ACK FIN URGP=0 OPT (0101080A3216604A1F6DC620) 
Dec  2 14:55:50 s442 [ 5350.071137] TRACE: mangle:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=X.X.z.z DST=X.X.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=15069 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525270 ACK=2706902840 WINDOW=1984 RES=0x00 ACK FIN URGP=0 OPT (0101080A3216604A1F6DC620) 
Dec  2 14:55:50 s442 [ 5350.071185] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=15069 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525270 ACK=2706902840 WINDOW=1984 RES=0x00 ACK FIN URGP=0 OPT (0101080A3216604A1F6DC620) 
Dec  2 14:55:50 s442 [ 5350.071219] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=15069 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525270 ACK=2706902840 WINDOW=1984 RES=0x00 ACK FIN URGP=0 OPT (0101080A3216604A1F6DC620) 
Dec  2 14:55:50 s442 [ 5350.071253] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=X.X.z.z DST=A.A.A.A LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=15069 DF PROTO=TCP SPT=443 DPT=29044 SEQ=3773525270 ACK=2706902840 WINDOW=1984 RES=0x00 ACK FIN URGP=0 OPT (0101080A3216604A1F6DC620) 
Dec  2 14:55:50 s442 [ 5350.086746] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902840 ACK=0 WINDOW=0 RES=0x00 RST URGP=0 
Dec  2 14:55:50 s442 [ 5350.086792] TRACE: mangle:PREROUTING:rule:1 IN=eth0 OUT= MAC=00:..MAC..:00 SRC=A.A.A.A DST=X.X.y.y LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902840 ACK=0 WINDOW=0 RES=0x00 RST URGP=0 
Dec  2 14:55:50 s442 [ 5350.086832] TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902840 ACK=0 WINDOW=0 RES=0x00 RST URGP=0 
Dec  2 14:55:50 s442 [ 5350.086855] TRACE: filter:FORWARD:rule:1 IN=eth0 OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902840 ACK=0 WINDOW=0 RES=0x00 RST URGP=0 
Dec  2 14:55:50 s442 [ 5350.086879] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=A.A.A.A DST=X.X.z.z LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=29044 DPT=443 SEQ=2706902840 ACK=0 WINDOW=0 RES=0x00 RST URGP=0 


I'm not sure, what might be wrong there... hopefully someone can help me, I'm a bit desperate now, maybe bonding/iptables don't play well together at all? :(

Best regards,

Craig


----- original message --------

Subject: Re: bonding-related problem with DNAT/SNAT
Sent: Wed, 25 Nov 2009
From: Richard Horton<arimus.uk@xxxxxxxxxxxxxx>

> 2009/11/24 Craig Craig <craig@xxxxxxxxxxxx>:
> > Dear netfilter List,
> >
> > I have two machines running Kernel 2.6.29.5, one has bonding-related
> problem.
> >
> >
> 
> Might be worth sticking trace on and seeing which rules are met...
> 
> iptables -t raw -A PREROUTING -j TRACE
> 
> and then post the resulting trace logs...
> 
> -- 
> Richard Horton
> Users are like a virus: Each causing a thousand tiny crises until the
> host finally dies.
> http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest
> Cats
> http://www.pbase.com/arimus - My online photogallery
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

--- original message end ----

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux