On 13.02.2010 17:06, netfilter-owner@xxxxxxxxxxxxxxx wrote:
> On Sat, 2010-02-13 at 00:03 +0100, Bojan Sukalo wrote:
>> I'm trying to set up nat on RHEL4 box.
>>
>> Kernel: Linux 2.6.9-89.ELsmp x86_64x86
>> iptables: 1.2.11
>
> Bojan,
>
> why don't you try to upgrade to a more recent version of iptables and if
> possible to a more recent kernel? You know, just in case...

Changing the iptables version will not change anything, if the current version does not have problems setting the kernel part correctly. You would need to upgrade kernel.

> I have a setup similar to yours (except from POSTROUTING which is of
> type MASQUERADING rather than SNAT) and it works all right.
>
> Also, have you checked other parameters such as TTL? What about ICMP?
> You can enable ICMP with the following rule:
>
> -A INPUT -p icmp -j ACCEPT

What should allowing INPUT icmp help in a case where there's a FORWARD rule? He allows ESTABLISHED,RELATED traffic, that should allow icmp messages that result from tcp errors.

Best regards
Mart