https://bugzilla.novell.com/show_bug.cgi?id=756200
https://bugzilla.novell.com/show_bug.cgi?id=756200#c6
Benjamin Poirier changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
InfoProvider| |per@opensuse.org
--- Comment #6 from Benjamin Poirier 2012-04-18 14:09:00 UTC ---
Hello Per,
Thank you for posting all this information and your firewall script, that
helped narrow it down. You have a few nat rules. Since you mention that the
problem concerns SNAT between public networks, I assume the issue is around
this rule, is that right?
$IPTABLES -A POSTROUTING -t nat -o $FIBREIF -p tcp --dport http -j SNAT
--to $FIBREIP
I believe I've reproduced the observations you report in comment 1 and I've
fixed the issue by doing:
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
(also make sure that it is 0 for the specific interface, $FIBREIF in this case
I think)
This was identified using the TRACE iptables target, `conntrack -E` and
`netstat -s` which shows the IPReversePathFilter increasing during the
problematic times.
I've got this going on 12.2 so you should be able to upgrade again if you
confirm that this fixes the issue for you.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.