Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote: > Check the state of those packets. Usually, packets which skip NAT are > those classified in the INVALID state by the connection tracking. A new packet ( not -syn packet ) would be treated as INVALID ? . We can see this packet in NAT table ? Thanks, Ratheesh On Fri, Mar 12, 2010 at 2:09 AM, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote: > Patrick Chemla a écrit : >> >> It works, but with tcpdump I have recorded packets on outgoing >> interfaces where addresses are NOT NATed, means, packets issued from >> internal servers on eth0, are routed to default route eth2 with there >> internal address 10.0.0.xx. >> >> It is very strange because it is a small percentage of packets, not all >> the packets from a specific server, directed to the same port than >> others who are routed and NATed the right way, at the same time. > > Check the state of those packets. Usually, packets which skip NAT are > those classified in the INVALID state by the connection tracking. > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
