>
> Which would explain why you are seeing this.
>
> Why not just have one public IP address on eth0 only? And then use that
> for incoming and outgoing connections, at least until you've got it
> working?
>
> Something like:
>
>
> [Internal
> interfaces]    __________
> --------------|          |eth0
>               |  Linux   |(PUB_IP_INCOMING only)
> --------------|   Box    |------------------------->ISP Cisco router
>               |          |               ^
> --------------|__________|               |
>                                          |
>                               SNAT here to PUB_IP_INCOMING
>
> Andy
>

First, sorry for the top-post, I just started typing without thinking.....

Yesterday I tested your setup, simply assigning one public address (I have 6 addresses) to a machine on the network and another to the router, but the problem is still there. I think that the ISP should monitor the external interfaces of both routers to check if and when packets come in.

Anyway, I don't want to bother netfilter users with connection problems that are out of scope. The much more specific question is: in order to correctly perform SNAT and DNAT, is it necessary to bind the referenced addresses to some interface? I think the answer is no, it is not necessary, but I would like to have a confirmation on that.

Guido