Problems with iptables?

Gerry Doris gdoris at rogers.com
Tue Aug 14 12:09:43 UTC 2007


Roger Grosswiler wrote:
> Since the last update, I have several problems with iptables.
>
> I have a firewall with several nics built-in.
>
> -> I have forwarding enabled (/proc/sys/net/ipv4/ip_forward = 1)
> -> I have no further forwarding rule in iptables, except the default one -> I inserted
> source NAT rules on the outgoing devices
> -> with squid, I use the transparent-proxying script
> -> that script redirects all queries on port 80 to port 3128 (where squid is listening)
> -> for the inner LAN, the NIC is trusted
>
> so, since the last update, no forwarding, except passing through squid (web only), and
> only if I configure Firefox with the proxy settings. No redirection from outgoing port
> 80 to 3128 is done by iptables.
>
> It also seems that masquerading no longer works on the outgoing interfaces. Are
> there known issues with iptables or the last kernel?
>
>
> Thanks for your help.
> Roger
>
> ----
>
> I was fiddling a little bit yesterday, and I inserted in /etc/sysconfig (which isn't a
> real lucky solution) in lines 3 and 4 forwarding information:
>
> -A FORWARD -i eth0 -j ACCEPT
> -A FORWARD -i tun0 -j ACCEPT
>
> and since then, checking with iptables -L -v, I see that those forwarding rules are
> counting packets.
>
> What is not counting packets at all is SNAT in the nat table. Is there an error within
> iptables?
>
> I use the following rules:
>
> /sbin/iptables -A POSTROUTING -t nat -o eth0 -j SNAT --to-source x.y.z.c
>
> I use this 4 times for all my several subnets, and this has been working perfectly until
> the last upgrade :(
>
> Did I miss something?
>
> Thanks in advance,
> Roger
>
Check the changelog for the last kernel upgrade.  They "fixed" a problem 
with iptables but it seems several people now have issues.  I suggest 
you use the previous kernel if you're having problems.
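Added example, not from either poster: a small check for the symptom Roger describes (nat rules that never count packets), run over the output of `iptables -t nat -L -v -n`. The sample output below is constructed for the example, with documentation addresses; the interface names, subnets and SNAT address are assumptions.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -L -v -n` output (not a real capture).
# The REDIRECT rule is the transparent-proxy hook (port 80 -> squid on 3128),
# the two SNAT rules are the per-subnet POSTROUTING rules from the thread.
SAMPLE='Chain PREROUTING (policy ACCEPT 1200 packets, 96000 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  eth1   *       192.168.1.0/24       0.0.0.0/0            tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 300 packets, 24000 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    192.168.1.0/24       0.0.0.0/0            to:203.0.113.5
  842 61234 SNAT       all  --  *      eth0    192.168.2.0/24       0.0.0.0/0            to:203.0.113.5
'

# idle_nat_rules OUTPUT
# Prints "CHAIN TARGET" for every NAT rule (SNAT, MASQUERADE, REDIRECT) whose
# packet counter is still zero. A zero counter on a rule that should be busy
# means traffic is not reaching it: wrong -i/-o interface, a rule earlier in
# the chain eating the packets, or (as in this thread) a kernel-side problem.
idle_nat_rules() {
    printf '%s\n' "$1" | awk '
        /^Chain /  { chain = $2; next }   # remember which chain we are in
        /^ *pkts/  { next }               # skip the column header
        NF >= 3 && $1 == 0 &&
        ($3 == "SNAT" || $3 == "MASQUERADE" || $3 == "REDIRECT") {
            print chain, $3
        }
    '
}

# Live use on the firewall would be:
#   idle_nat_rules "$(iptables -t nat -L -v -n)"
idle_nat_rules "$SAMPLE"
```

On the sample this reports the PREROUTING REDIRECT and the first POSTROUTING SNAT rule, while the second SNAT rule (842 packets) is working.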
