strange nat problem
Hi, I had a NAT box running Debian woody (2.4.19 kernel).
Everything was working great, but I upgraded to sarge and installed a 220.127.116.11 kernel, and this issue came up:
On the NAT clients, some web pages work and others don't, while on the NAT box everything works fine.
For example, Google works great, but Hotmail doesn't (and it does work on the NAT box). An ethereal run shows that it does some talking (it sends and receives packets containing HTML headers) and then starts waiting for something that never comes. Hotmail is just an example; there are some other web pages not requiring authentication that don't work either.
I'm using the same configuration I used in woody; only the program versions changed. I have a lot of iptables rules plus some traffic shaping commands (with tc), but the problem persists even using this minimal set of rules and no Traffic Control:
*mangle
:PREROUTING ACCEPT [22307:4559231]
:INPUT ACCEPT [16590:2976594]
:FORWARD ACCEPT [5364:1548354]
:OUTPUT ACCEPT [16414:1661497]
:POSTROUTING ACCEPT [21770:3197851]
COMMIT
*filter
:INPUT ACCEPT [14850:2866366]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [14907:1537177]
-A FORWARD -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [10490:589933]
:POSTROUTING ACCEPT [401:24152]
:OUTPUT ACCEPT [402:24212]
-A POSTROUTING -s 10.10.10.0/255.255.255.0 -j MASQUERADE
COMMIT
I find it very strange that some things work and some things don't, and I have no clue what the problem could be. I don't even know if it is an iptables-related issue, so any help pointing me in the right direction will be appreciated.