> Roger Grosswiler wrote:
>> Since the last update, I have several problems with iptables.
>>
>> I have a firewall with several NICs built in.
>>
>> -> I have forwarding enabled (/proc/sys/net/ipv4/ip_forward = 1)
>> -> I have no further forwarding rule in iptables, except the default one
>> -> I inserted source-NAT rules on the outgoing devices
>> -> with squid, I use the transparent-proxying script
>> -> that script redirects all queries on port 80 to port 3128 (where squid is listening)
>> -> for the inner LAN, the NIC is trusted
>>
>> So, since the last update, no forwarding, except passing through squid (web only), and
>> only if I configure Firefox with the proxy settings. No redirection from outgoing port
>> 80 to 3128 is done by iptables.
>>
>> It also seems that masquerading no longer works on the outgoing interfaces. Are
>> there known issues about iptables or the last kernel?
>>
>>
>> Thanks for your help.
>> Roger
>>
>> ----
>>
>> I was fiddling a little bit yesterday, and I inserted in /etc/sysconfig (which isn't a
>> really lucky solution) in lines 3 and 4 forwarding information:
>>
>> -A FORWARD -i eth0 -j ACCEPT
>> -A FORWARD -i tun0 -j ACCEPT
>>
>> and since then, checking with iptables -L -v, I see that those forwarding rules are
>> counting packets.
>>
>> What is not counting packets at all is SNAT in the nat table. Is there an error within
>> iptables?
>>
>> I use the following rules:
>>
>> /sbin/iptables -A POSTROUTING -t nat -o eth0 -j SNAT --to-source x.y.z.c
>>
>> I use this 4 times for all my several subnets, and this has been working perfectly until
>> the last upgrade :(
>>
>> Did I miss something?
>>
>> Thanks in advance,
>> Roger
>>
>>
> Check the changelog for the last kernel upgrade. They "fixed" a problem
> with iptables but it seems several people now have issues. I suggest
> you use the previous kernel if you're having problems.
>
>

I tried this, but no help.

Thx, Roger
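The diagnostic step Roger describes, reading the per-rule packet counters from `iptables -L -v` to see which NAT rules are actually being hit, is easy to do by eye for a handful of rules but tedious across four SNAT rules and a REDIRECT. The script below is an added example, not code from the original thread: it parses the text output of `iptables -t nat -L -v -n` and lists NAT rules whose packet counter is still zero. The sample output embedded in it is constructed for this example (interface names and the RFC 5737 documentation addresses 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.5 are placeholders, not Roger's real configuration), and it handles the K/M/G suffixes iptables prints on large counters when `-x` is not given.

```python
import re

# Constructed sample of `iptables -t nat -L -v -n` output for this example.
# Addresses and interfaces are placeholders, not taken from the original post.
SAMPLE_NAT_OUTPUT = """\
Chain PREROUTING (policy ACCEPT 10 packets, 600 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  7200 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    192.0.2.0/24         0.0.0.0/0            to:203.0.113.5
  15K 1200K SNAT       all  --  *      eth0    198.51.100.0/24      0.0.0.0/0            to:203.0.113.5
"""

# Without -x, iptables abbreviates counters with K/M/G (decimal multipliers).
SUFFIX = {"": 1, "K": 1_000, "M": 1_000_000, "G": 1_000_000_000}


def parse_count(token):
    """Turn a counter token such as '120', '15K' or '1200K' into an int."""
    m = re.fullmatch(r"(\d+)([KMG]?)", token)
    if not m:
        raise ValueError(f"not an iptables counter: {token!r}")
    return int(m.group(1)) * SUFFIX[m.group(2)]


def parse_rules(text):
    """Parse `iptables -L -v -n` output into one dict per rule line.

    Chain headers set the current chain; the column-header line and blank
    lines are skipped; everything after the destination column is kept
    verbatim as 'extra' (match options and target parameters).
    """
    rules = []
    chain = None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        parts = line.split()
        if len(parts) < 9 or parts[0] == "pkts":
            continue
        rules.append({
            "chain": chain,
            "pkts": parse_count(parts[0]),
            "bytes": parse_count(parts[1]),
            "target": parts[2],
            "prot": parts[3],
            "in": parts[5],
            "out": parts[6],
            "source": parts[7],
            "destination": parts[8],
            "extra": " ".join(parts[9:]),
        })
    return rules


def idle_nat_rules(text, targets=("SNAT", "MASQUERADE", "REDIRECT")):
    """Return NAT rules that have matched no packets yet.

    A zero counter on a rule that should be carrying traffic points at a
    rule that never matches (wrong interface or subnet, or packets taking
    a different path), which is the symptom described in the thread.
    """
    return [r for r in parse_rules(text)
            if r["target"] in targets and r["pkts"] == 0]


def report(text):
    """Human-readable summary of idle NAT rules, one line per rule."""
    return [f"{r['chain']}: {r['target']} out={r['out']} src={r['source']} "
            f"{r['extra']} has 0 packets"
            for r in idle_nat_rules(text)]


if __name__ == "__main__":
    # In practice, feed in: subprocess.run(["iptables", "-t", "nat", "-L", "-v", "-n"], ...).stdout
    for line in report(SAMPLE_NAT_OUTPUT):
        print(line)
```

Run it against the live ruleset by piping `iptables -t nat -L -v -n` into `parse_rules`; resetting the counters first with `iptables -t nat -Z` and then generating a little traffic from each inner subnet makes a zero counter unambiguous.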