On 04/28/2018 12:24 AM, Norman Henderson wrote: > Thanks again. Attached are 2 dump files. The first, last night wasn't > immediately after a reboot but it was at a point when the UDP NAT was > working correctly. By this morning UDP NAT was no longer working and I > took the second dump. > Best, Norm Norm,
The rulesets in the two dumps are identical. I see the following conntrack table entry, however: udp 17 3599 src=10.1.0.3 dst=10.1.0.252 sport=5060 dport=5060 [UNREPLIED] src=192.168.1.35 dst=10.1.0.3 sport=5060 dport=5060 mark=0 helper=sip use=1 This is an attempt to connect from 10.1.0.3 to 10.1.0.252 which get correctly forwarded to 192.168.1.35. The source IP, however, has not been changed, just as you report. The next thing to do would be to review the syslog between the times of the two dumps to see if there are any netfilter-related messages. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
