IPtables and bridge interface

[Robert LeBlanc]

Anyone with ideas how to troubleshoot this problem? I'm up for anything,
it's getting really annoying.

Robert LeBlanc

BioAg Computer Support

Brigham Young University

(801)422-1882

leblanc at byu.edu

> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org [mailto:netfilter-
> bounces at lists.netfilter.org] On Behalf Of Robert LeBlanc
> Sent: Wednesday, October 18, 2006 8:13 AM
> To: netfilter at lists.netfilter.org
> Subject: IPtables and bridge interface
> 
> Hi all,
>   I'm having a problem with my new gateway set-up and I'm not sure
where
> to start with the troubleshooting. I set up a gateway with two NICs in
> bridge mode to allow for my public IP addresses to pass straight
through
> and then set up two virtual addresses on the bridge interface to NAT
the
> remainder of the machines on my network, but still keep then in
> differing collision domains. The problem that I see is that Internet
> connectivity is sporadic at best. The connection will stay up for a
> minute or so, then go down for 5-60 seconds and then come back up. The
> odd thing is that machines with public addresses never see this
problem,
> only the ones behind the NAT. I am running Debian Etch with kernel
> 
> Linux debian 2.6.16-2-686 #1 Fri Aug 18 19:01:49 UTC 2006 i686
GNU/Linux
> 
> I've also tried the 2.6.17-2-686 kernel with the same results. My
> iptables script is pretty bare:
> 
> #! /bin/bash
> 
> modprobe ip_conntrack_ftp iptables_nat iptables_mangle ip_nat_ftp
> echo "1" > /proc/sys/net/ipv4/ip_forward
> 
> iptables -t nat -F
> 
> iptables --out-interface br0 -t nat -A POSTROUTING -s 192.168.1.0/22
-j
> SNAT --to EXTERNALIP
> 
> I had two iptables rules before, one for each subnet, but combined
them
> into one rule to see if that would help, but no luck. Can anyone point
> me to how to get debug information from iptables or what I might try
to
> remedy this problem?
> 
> Thank you,
> Robert LeBlanc