https://bugzilla.novell.com/show_bug.cgi?id=756200
https://bugzilla.novell.com/show_bug.cgi?id=756200#c7
--- Comment #7 from Per Jessen
Hello Per,
Thank you for posting all this information and your firewall script, that helped narrow it down. You have a few nat rules. Since you mention that the problem concerns SNAT between public networks, I assume the issue is around this rule, is that right?

    $IPTABLES -A POSTROUTING -t nat -o $FIBREIF -p tcp --dport http -j SNAT --to $FIBREIP
Hi Benjamin, yes, that is correct. I should have mentioned that.
I believe I've reproduced the observations you report in comment 1 and I've fixed the issue by doing:

    echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

(also make sure that it is 0 for the specific interface, $FIBREIF in this case I think)
This was identified using the TRACE iptables target, `conntrack -E` and `netstat -s` which shows the IPReversePathFilter increasing during the problematic times.
Thanks, that's very helpful. I didn't know about TRACE.
I've got this going on 12.2 so you should be able to upgrade again if you confirm that this fixes the issue for you.
12.2M3 seems to be a bit iffy at the moment, but I'll see if I can get to try it with 12.1 over the weekend.
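The check discussed in this comment, as an added example that is not part of the bug report: it shows why the per-interface value matters as well as `all` (the kernel applies the higher of the two) and how to read the IPReversePathFilter counter that `netstat -s` reports. The function names are hypothetical and the counter snapshots are constructed sample data.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# The kernel validates sources with the higher of conf/all and conf/<iface>
# rp_filter, so a per-interface 1 still filters after "all" is set to 0.
# $1 = conf/all/rp_filter value, $2 = conf/<iface>/rp_filter value
effective_rp_filter() {
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# Read /proc/net/netstat-style text on stdin and print the IPReversePathFilter
# counter: find its column in the TcpExt header line, then read the value line.
rpf_drops() {
    awk '$1 == "TcpExt:" {
        if (!seen) {
            for (i = 2; i <= NF; i++) if ($i == "IPReversePathFilter") col = i
            seen = 1
        } else if (col) { print $col; exit }
    }'
}

# Packets dropped by the filter between two snapshots ($1 before, $2 after).
rpf_delta() {
    before=$(printf '%s\n' "$1" | rpf_drops)
    after=$(printf '%s\n' "$2" | rpf_drops)
    echo $((after - before))
}

# Constructed snapshots in /proc/net/netstat layout (header line, value line).
SAMPLE_BEFORE='TcpExt: SyncookiesSent SyncookiesRecv IPReversePathFilter TCPTimeouts
TcpExt: 0 0 12 3
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0'
SAMPLE_AFTER='TcpExt: SyncookiesSent SyncookiesRecv IPReversePathFilter TCPTimeouts
TcpExt: 0 0 57 3
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0'

# Live check for one interface, e.g.: sh rpf_check.sh eth0
check_iface() {
    all=$(cat /proc/sys/net/ipv4/conf/all/rp_filter)
    ifv=$(cat "/proc/sys/net/ipv4/conf/$1/rp_filter")
    echo "$1: effective rp_filter = $(effective_rp_filter "$all" "$ifv")"
    echo "IPReversePathFilter = $(rpf_drops < /proc/net/netstat)"
}
if [ -n "${1:-}" ]; then check_iface "$1"; fi
```

A counter that keeps rising while the SNATed connections stall, together with a non-zero effective value on the interface, matches the symptom described above.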