<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - iptables outgoing SNAT works for a while then stops working completely for a while"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1129">1129</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>iptables outgoing SNAT works for a while then stops working completely for a while
</td>
</tr>
<tr>
<th>Product</th>
<td>netfilter/iptables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>x86_64
</td>
</tr>
<tr>
<th>OS</th>
<td>Debian GNU/Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>ip_conntrack
</td>
</tr>
<tr>
<th>Assignee</th>
<td>netfilter-buglog@lists.netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>timclarke147@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>I have updated to Debian Jessie and have a firewall that does incoming port
redirection (which works reliably) and outgoing masquerading (SNAT) from
internal IP 192.168.123.0/24 via 62.232.232.211 to the outside world.
Outgoing source NAT works fine for a while (overnight) and then during the day
stops working for a few hours, then works again for some time, then stops
working again, etc.
When NOT working, tcpdump shows the following:
icmp request from 192.168.123.203 to 88.208.252.180 is logged
icmp reply from 88.208.252.180 is logged
icmp reply to 62.232.25.211 is logged
NO icmp reply is forwarded to 192.168.123.203
It would appear that the ping is being SNAT'ed outwards OK, but the connection
is not being properly tracked to allow the returning reply packet to be
redirected back to 192.168.123.203.
The iptables config is identical to that used on an earlier (wheezy) Debian,
and I have never had any problems with that earlier version.
I note that the new machine has about 2.5% dropped packets on both interfaces,
but this may be a red herring!
tcpdumps and iptables config etc. can be supplied on request.</pre>
</div>
</p>
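<div>
<p>The symptom above (the echo reply reaches the public address but is never reverse-translated) is what a missing or [UNREPLIED] conntrack entry looks like from outside. The script below is an added diagnostic example, not part of the bug report and not netfilter project code. It reads the conntrack table in the format the kernel exposes at /proc/net/nf_conntrack (path and format assumed; Debian kernels with nf_conntrack loaded provide it) and reports, for each ICMP entry from an internal host, whether SNAT was applied and whether the reply direction has ever matched. It also reports how full the table is from nf_conntrack_count and nf_conntrack_max. The addresses, echo ids and counter values in the sample files are constructed to mirror the report, not taken from the reporter's machine.</p>

```shell
#!/bin/sh
# Added example (not from the bug report): inspect the conntrack table the way
# a practitioner would when reply packets reach the public address but are not
# reverse-translated, and check how full the table is.
#
# Real inputs on the firewall (paths assumed, present on Debian kernels with
# nf_conntrack loaded):
#   /proc/net/nf_conntrack
#   /proc/sys/net/netfilter/nf_conntrack_count
#   /proc/sys/net/netfilter/nf_conntrack_max
# The functions take the paths as arguments so they can also run on saved copies.

# For each ICMP entry whose original source is INTERNAL_IP, print
#   id=<echo id> snat=<yes|no> replied=<yes|no>
# snat=yes means the reply tuple's destination is PUBLIC_IP, i.e. SNAT was
# applied on the way out; replied=no means the entry is still [UNREPLIED], so
# no echo reply has ever matched it and there is nothing to un-NAT back to.
# Usage: ct_icmp_status INTERNAL_IP PUBLIC_IP CONNTRACK_FILE
ct_icmp_status() {
    awk -v src="$1" -v pub="$2" '
        $3 == "icmp" {
            osrc = ""; rdst = ""; oid = ""; unrep = 0; nsrc = 0; ndst = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^src=/)      { nsrc++; if (nsrc == 1) osrc = substr($i, 5) }
                else if ($i ~ /^dst=/) { ndst++; if (ndst == 2) rdst = substr($i, 5) }
                else if ($i ~ /^id=/ && oid == "") oid = substr($i, 4)
                else if ($i == "[UNREPLIED]") unrep = 1
            }
            if (osrc == src)
                printf "id=%s snat=%s replied=%s\n", oid, (rdst == pub ? "yes" : "no"), (unrep ? "no" : "yes")
        }' "$3"
}

# Percentage of the conntrack table in use, as an integer.
# Usage: ct_table_usage COUNT_FILE MAX_FILE
ct_table_usage() {
    count=$(cat "$1"); max=$(cat "$2")
    echo $(( count * 100 / max ))
}

# Constructed sample data, not a capture from the reporter's firewall.
# Entry 1: a fully tracked ping from .203 (reply seen, SNAT to the public IP).
# Entry 2: a ping from .204 that was SNATed but whose reply never matched.
# Entry 3: an unrelated TCP flow, ignored by ct_icmp_status.
SAMPLE_CT=$(mktemp)
cat > "$SAMPLE_CT" <<'EOF'
ipv4     2 icmp     1 29 src=192.168.123.203 dst=88.208.252.180 type=8 code=0 id=1234 src=88.208.252.180 dst=62.232.25.211 type=0 code=0 id=1234 mark=0 zone=0 use=2
ipv4     2 icmp     1 29 src=192.168.123.204 dst=88.208.252.180 type=8 code=0 id=4321 [UNREPLIED] src=88.208.252.180 dst=62.232.25.211 type=0 code=0 id=4321 mark=0 zone=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.123.203 dst=88.208.252.180 sport=5555 dport=443 src=88.208.252.180 dst=62.232.25.211 sport=443 dport=5555 [ASSURED] mark=0 zone=0 use=2
EOF
SAMPLE_COUNT=$(mktemp); echo 62000 > "$SAMPLE_COUNT"
SAMPLE_MAX=$(mktemp);   echo 65536 > "$SAMPLE_MAX"

ct_icmp_status 192.168.123.203 62.232.25.211 "$SAMPLE_CT"   # id=1234 snat=yes replied=yes
ct_icmp_status 192.168.123.204 62.232.25.211 "$SAMPLE_CT"   # id=4321 snat=yes replied=no
echo "conntrack table $(ct_table_usage "$SAMPLE_COUNT" "$SAMPLE_MAX")% full"   # 94
```

<p>On a live box the equivalent query with conntrack-tools is <code>conntrack -L -p icmp --orig-src 192.168.123.203</code>. Run the check while the fault is present: if the ping leaves the box (tcpdump shows it SNAT'ed) but the table holds no entry for it, or the entry stays [UNREPLIED] after the reply arrives, the reply cannot be matched back to the internal host, which is exactly the behaviour described. If usage is near 100%, look in the kernel log for <code>nf_conntrack: table full, dropping packet</code>; the report does not say this is the cause, so it is only one of the things to rule out, alongside the dropped packets the reporter mentions.</p>
</div>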
</body>
</html>