> You said the problem only happens to NAT'ed traffic. What if it's not
> NAT, but eth0, that's the issue? Try swapping eth0 and eth1 and see if
> the problem affects traffic to/from the router as well.

Yes! That was it (in a way). Over the long weekend I cobbled together a replacement router, booted it from an image of the first one and of course it worked perfectly ...

... So it's some kind of hardware issue in the router - or one of the cables / switches is bad intermittently and all the un-, replugging and wiggling about "fixed" it for now. Strange that the problem only affected the upstream, though.

Either way, netfilter's not to blame. I'm terribly sorry for having wasted your time.

Regards,
Christian