NAT stops working

Baake, Matthias m.baake at porta.de
Wed Apr 20 17:05:13 CEST 2005


Hm, could it be that your conntrack table is full (if you use it, of course)?
Check your syslog for conntrack messages; maybe that could be a reason.

greetings 

Matthias Baake

-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Daniel Wittenberg
Sent: Wednesday, April 20, 2005 4:50 PM
To: netfilter at lists.netfilter.org
Subject: NAT stops working


We've got a high-speed wireless and DSL connection so I decided to try
and load-balance the outgoing connections.  I run a little script that
does:

route flush scope global
route flush cache
route add default scope global equalize nexthop via <external gw 1> dev eth0 weight 1 nexthop via <external gw 2> dev eth1

This appears to work for a while, then incoming connections stop getting
nat'd to their internal addresses.  I reboot or reset the firewall
(flush all the tables and re-run this script) and things are good again
for a while.  I tried flooding some of the external IPs that are nat'd
and it seems like after a certain amount of traffic the nat just stops
working.  tcpdump shows traffic on the external interface coming in, but
not going out anywhere.

Anyone have ideas on how to debug this further or things to check?

Thanks,
Dan
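
The conntrack check suggested in the reply above, as an added example that is not part of the original thread: it counts "table full" kernel messages in a log file and compares the live entry count with the table maximum. The sample log lines are constructed, the function names are hypothetical, and the /proc paths are assumptions that vary by kernel version, so the script tries several.

```shell
#!/bin/sh
# Added example: was the connection-tracking table full, and how full is it now?

# Count kernel log lines reporting a full conntrack table. Matches the older
# "ip_conntrack:" prefix and the newer "nf_conntrack:" one.
count_table_full() {
    grep -cE '(ip|nf)_conntrack: table full, dropping packet' "$1" || true
}

# Integer percentage of the table in use: usage_pct <current> <maximum>
usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Print the first readable file among the arguments.
first_readable() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; return 0; fi
    done
    return 1
}

# Constructed sample syslog excerpt (not taken from the thread).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Apr 20 16:41:02 fw kernel: ip_conntrack: table full, dropping packet.
Apr 20 16:41:03 fw kernel: eth0: link up
Apr 20 16:41:07 fw kernel: ip_conntrack: table full, dropping packet.
Apr 20 16:42:11 fw kernel: nf_conntrack: table full, dropping packet
EOF
echo "table-full events in sample log: $(count_table_full "$SAMPLE_LOG")"

# Live counters, if this host exposes them (assumed paths, newest first).
cur=$(first_readable /proc/sys/net/netfilter/nf_conntrack_count \
        /proc/sys/net/ipv4/netfilter/ip_conntrack_count 2>/dev/null) || cur=""
max=$(first_readable /proc/sys/net/netfilter/nf_conntrack_max \
        /proc/sys/net/ipv4/netfilter/ip_conntrack_max \
        /proc/sys/net/ipv4/ip_conntrack_max 2>/dev/null) || max=""
if [ -n "$cur" ] && [ -n "$max" ] && [ "$max" -gt 0 ]; then
    echo "conntrack entries: $cur / $max ($(usage_pct "$cur" "$max")%)"
else
    echo "conntrack counters not readable on this host"
fi
```

Point `count_table_full` at the firewall's real kernel log instead of the sample file; a non-zero count that lines up with the times NAT stopped supports the full-table explanation.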




