Justin Michael Schwartzbeck wrote:
>
> Now I know the traffic is being marked in the kernel
> module because I have a log message that goes to syslog from the
> kernel module indicating this. But the traffic does not get DNATed.
> When I look at "iptables -t nat -vL" I can see that the count for that
> rule is not going up. Eventually I just power cycle the VM and
> everything goes back to normal. I am wondering how I can troubleshoot
> this. What might cause this problem to occur? My first instinct is
> maybe some table is being filled up (perhaps connection tracking?) but
> when I check syslog I don't see any useful information. I just need
> some idea of where to look. What other things can I check?

Check the packet conntrack state in mangle/PREROUTING. A packet won't enter the nat chains if it has a state other than NEW.
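One way to carry out the check suggested in the reply above, as an added example that is not part of the original message: rules without a target in mangle/PREROUTING count the marked packets per conntrack state. The mark value 0x1, and the assumption that the mark is already set when the packet reaches mangle/PREROUTING, are placeholders not taken from the thread.

```shell
#!/bin/sh
# Added example: per-state packet counters for marked traffic in
# mangle/PREROUTING, to see which conntrack state the packets carry.

# Assumption: placeholder mark value; use the value the kernel module sets.
MARK="${MARK:-0x1}"

# Dry run by default: the iptables commands are only printed.
# Run with IPT=iptables as root to apply them.
IPT="${IPT:-echo iptables}"

STATES="NEW ESTABLISHED RELATED INVALID UNTRACKED"

# op is -A (append) or -D (delete). A rule with no -j target does not
# change the packet's fate; it only increments its packet/byte counters.
ctstate_rules() {
    op="$1"
    for state in $STATES; do
        $IPT -t mangle "$op" PREROUTING -m mark --mark "$MARK" \
            -m conntrack --ctstate "$state" \
            -m comment --comment "dbg-ctstate-$state"
    done
}

# Install the counting rules.
add_ctstate_counters() { ctstate_rules -A; }

# Remove them again once the check is done.
del_ctstate_counters() { ctstate_rules -D; }

# Show the counters; only packets counted under NEW go on to the nat chains.
show_ctstate_counters() { $IPT -t mangle -vnL PREROUTING; }
```

After reproducing the problem, compare the counters with `show_ctstate_counters`: marked packets counted under a state other than NEW will not enter the nat chains, which matches a DNAT rule whose counter stays flat.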