http://bugzilla.opensuse.org/show_bug.cgi?id=957461

Bug ID: 957461
Summary: nat stops working every few weeks or days, susefirewall2 needs recycle and packets immediately flow thereafter
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.1
Hardware: x86-64
OS: openSUSE 42.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: Network
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: abittner@opensuse.org
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

As of the Leap 42.1 x64 update of a few of my machines, I have an odd problem.

Simple setup: an IPv4 network with a CPE (e.g. router/NAT) device already given, and on the LAN side there sits the Leap 42.1 x64 machine, which has a (fixed) IPv4 address given by this CPE, e.g. via DHCPv4 or via a static IPv4 address on the LAN (RFC 1918). This Leap machine has multiple Ethernet devices and acts as a NAT router itself to the secondary network Ethernet card. Machines on this internal LAN get NAT-ed via SuSEfirewall2. Pretty simple: basically, machines can do anything outbound, ping, HTTP, email, whatever.

So as of the Leap 42.1 update of my previously normally working openSUSE 13.2 x64 machines, the users on this internal LAN behind the openSUSE machine complain every few weeks that they can't email (POP3/SMTP) or do stuff, except for e.g. the Squid proxy running on the openSUSE machine, so browsing websites and all still works. The odd thing is that the openSUSE machine can still be reached from the first LAN and also via e.g. port forwarding by the provider router/CPE, e.g. the SSH port is accessible and I can reach the openSUSE machine fine from e.g. the IPv4 internet and all.

Whenever I systemctl restart SuSEfirewall2, the whole situation normalises again and works again for apparently a few weeks.

The external IPv4 address changes every now and then via the provider router/CPE, but that is not the problem here, and I think the DHCPv4 of the openSUSE machine is also not a problem; the provider CPE/router always gives the same IPv4 address to the openSUSE Leap machine. The Leap machine's connectivity itself works fine: I can ping from there, also ping the internal LAN, and as I wrote before, Squid can fetch webpages and give them to the machines on the internal LAN. Only everything with NAT and connection tracking and all apparently dies every few weeks until a restart of SuSEfirewall2.

These machines worked happily with 13.2 x64 before.

I have installed the conntrack tools. Can I provide some logging or capture to give further details? Right now I have this one location where the internal LAN has died down again and is experiencing this exact bug, so if someone replies quickly I can provide some info within the next maybe 8 hours or so, but after that I need to (temporarily) fix the situation again by restarting the SuSEfirewall2 layer.

Thanks.