On Thu, 2011-06-23 at 10:17 -0500, Greg Scott wrote:
> Why would NATing in both PREROUTING and POSTROUTING
> work **only** when I watch it with tcpdump and not work otherwise?

tcpdump by default will put the interface into promiscuous mode, so that
it will not automatically discard frames with a unicast ethernet
destination address which does not match the MAC address of the
interface.

If traffic passes with tcpdump running but not without it, it's likely
related to the destination ethernet addresses. That would be a layer
2/bridging problem more than a NAT/iptables problem.

If promiscuous mode is the factor that allows traffic to pass, a cheap
hack would be to force the interface into promiscuous mode without
tcpdump with "ip link set <dev> promisc on".

I'd gather this information to try to understand the problem better:

tcpdump -e -i <dev> [filters...]
(-e: Print the link-level header on each dump line.)

tcpdump -e -i <dev> -p [filters...]
(-p: Don't put the interface into promiscuous mode.)

If frames are visible when running in promiscuous mode which aren't
visible when running with -p, note the destination ethernet address of
those frames and compare it against the outputs from "ip link" and
"brctl showmacs <brdev>". They're likely coming in a port which
considers that destination address foreign.
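The comparison the reply describes, pulling the destination MAC out of each `tcpdump -e` line and checking it against the MACs the box actually owns, as an added example that is not part of the original message. The capture lines and the local MAC list below are constructed; in practice the list would come from the `ip link` and `brctl showmacs <brdev>` output mentioned above. Frames classified as "foreign" are the ones a non-promiscuous interface would silently drop, which is what the reply suggests looking for.

```shell
#!/bin/sh
# Added example (not from the original post): classify the destination MAC of
# each `tcpdump -e` line as local / broadcast / multicast / foreign, and list
# the frames that only promiscuous mode would let the interface see.

# Constructed `tcpdump -e` output. Field layout per line:
#   <timestamp> <src-mac> > <dst-mac>, ethertype ... , length N: <payload summary>
SAMPLE_CAPTURE='10:17:01.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 98: 192.168.1.10 > 10.0.0.1: ICMP echo request, id 1, seq 1, length 64
10:17:01.000002 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.10, length 28
10:17:01.000003 00:11:22:33:44:55 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 78: 192.168.1.10.5353 > 224.0.0.251.5353: UDP, length 36
10:17:01.000004 00:11:22:33:44:55 > de:ad:be:ef:00:01, ethertype IPv4 (0x0800), length 98: 192.168.1.10 > 10.0.0.2: ICMP echo request, id 2, seq 1, length 64'

# Constructed local MAC list, as you would collect it from `ip link` and
# `brctl showmacs <brdev>` (case is normalised below, so mixed case is fine).
LOCAL_MACS='66:77:88:99:AA:BB
00:11:22:33:44:55'

# Destination MAC of one -e line: 4th whitespace field, trailing comma stripped,
# lowercased so it can be compared against the local list.
dst_mac() {
    printf '%s\n' "$1" | awk '{ sub(/,$/, "", $4); print tolower($4) }'
}

# Classify one MAC: broadcast, multicast (I/G bit set in the first octet,
# i.e. its second hex digit is odd), local (in LOCAL_MACS) or foreign.
classify_dst() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$mac" in
        ff:ff:ff:ff:ff:ff) echo broadcast; return ;;
        ?[13579bdf]:*)     echo multicast; return ;;
    esac
    if printf '%s\n' "$LOCAL_MACS" | tr 'A-F' 'a-f' | grep -qx "$mac"; then
        echo local
    else
        echo foreign
    fi
}

# Print only the lines whose unicast destination is not one of our MACs:
# these are the frames that disappear when tcpdump runs with -p.
foreign_frames() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        if [ "$(classify_dst "$(dst_mac "$line")")" = foreign ]; then
            printf '%s\n' "$line"
        fi
    done
}

# Stand-alone run over the constructed sample (prints the de:ad:be:ef:00:01 frame).
foreign_frames "$SAMPLE_CAPTURE"
```

To use it on a live box, replace `SAMPLE_CAPTURE` with `tcpdump -e -n -i <dev>` output saved to a file and `LOCAL_MACS` with the MACs from `ip link` plus the local entries from `brctl showmacs <brdev>`; anything that comes out of `foreign_frames` is a frame the port would normally treat as not addressed to it.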