weird transfer-source problems with one DNS node

Ian Veach ian_veach at nshe.nevada.edu
Tue Jul 19 22:17:47 UTC 2016


Thank you, Phil - that might be the answer.  I'm not super knowledgeable
about iptables, and I certainly didn't configure it this way
(specifically), but the one problematic node does seem to have a
postrouting chain.  I'll have to investigate how this came about and how to
remove, but perhaps this is it:

[root at foo:~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 155M packets, 15G bytes)
 pkts bytes target     prot opt in     out     source
destination
Chain POSTROUTING (policy ACCEPT 270K packets, 15M bytes)
 pkts bytes target     prot opt in     out     source
destination
 105M   13G MASQUERADE  all  --  *      eth+    0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 105M packets, 13G bytes)
 pkts bytes target     prot opt in     out     source
destination




cheers and thanks,

Ian Veach, Senior Systems Analyst
System Computing Services, Nevada System of Higher Education


On Tue, Jul 19, 2016 at 3:10 AM, Phil Mayers <p.mayers at imperial.ac.uk>
wrote:

> On 19/07/16 00:38, Ian Veach wrote:
>
>>
>> Negative Ghostrider...:
>>
>> [root at foo:~]# iptables -t raw -nvL
>>
>
> Might want to check "-t nat" as well.
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

-- 
PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and 
responses, unless otherwise made confidential by law, may be subject to the 
Nevada Public Records laws and may be disclosed to the public upon request.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160719/94d87430/attachment.html>


More information about the bind-users mailing list