<div dir="ltr"><div><br></div><div>Thank you, Phil - that might be the answer. I'm not super knowledgeable about iptables, and I certainly didn't configure it this way (specifically), but the one problematic node does seem to have a postrouting chain. I'll have to investigate how this came about and how to remove, but perhaps this is it:</div><div><br></div><div><font face="monospace,monospace">[root@foo:~]# iptables -t nat -nvL<br>Chain PREROUTING (policy ACCEPT 155M packets, 15G bytes)<br> pkts bytes target prot opt in out source destination</font></div><div><font face="monospace,monospace">Chain POSTROUTING (policy ACCEPT 270K packets, 15M bytes)<br> pkts bytes target prot opt in out source destination<br> 105M 13G MASQUERADE all -- * eth+ <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a></font></div><div><font face="monospace,monospace">Chain OUTPUT (policy ACCEPT 105M packets, 13G bytes)<br> pkts bytes target prot opt in out source destination</font></div><div><br></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div><br></div><div>cheers and thanks,</div><div><br></div>Ian Veach, Senior Systems Analyst<div>System Computing Services, Nevada System of Higher Education</div><div><br></div></div></div>
<br><div class="gmail_quote">On Tue, Jul 19, 2016 at 3:10 AM, Phil Mayers <span dir="ltr"><<a href="mailto:p.mayers@imperial.ac.uk" target="_blank">p.mayers@imperial.ac.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 19/07/16 00:38, Ian Veach wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<br>
Negative Ghostrider...:<br>
<br>
[root@foo:~]# iptables -t raw -nvL<br>
</blockquote>
<br></span>
Might want to check "-t nat" as well.<div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank" rel="noreferrer">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank" rel="noreferrer">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</div></div></blockquote></div><br></div>
<br>
<span style="font-family:Arial,sans-serif;font-size:small;background-color:rgb(255,255,255)">PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and responses, unless otherwise made confidential by law, may be subject to the Nevada Public Records laws and may be disclosed to the public upon request.</span>