I have strange behavior in my server settings. It looks like this.
client1 192.168.11.2/24 <----> 192.168.11.7/24 (br1 / vlan1) Server 192.168.21.1/24 (br21 / vlan21) <---> 192.168.21.101/24 client2
On the server, I configured DNAT for two ports for a different destination.
~> sudo iptables -t nat -nL -v
Chain PREROUTING (policy ACCEPT 3631 packets, 220K bytes)
pkts bytes target prot opt in out source destination
5332 320K DNAT tcp -- * * 0.0.0.0/0 192.168.11.7 multiport dports 5308,21 to:192.168.2.19
~> ip r get 192.168.2.19
192.168.2.19 via 192.168.11.1 dev br1 src 192.168.11.7
This works for some time from both clients, but after an indefinite time only packets from client2 are redirected. The packet counter increases when I try to connect to client1, but NAT no longer exists. Sometimes, after a few hours, it starts working again.
Nothing is blocked in the firewall because all policies are on ACCEPT and no rules are set. The connection is not complete. I already tried a few things with rp_filter and so on, but in these settings this should not be a problem.
Hope someone has an idea.
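A check that is useful with this kind of intermittent DNAT, added here as an example and not part of the question or its author's setup: the nat table is consulted only for the first packet of a connection, after which the conntrack entry decides whether packets are translated, so comparing each entry's reply tuple against the rule's target shows which flows were actually rewritten. The script parses `conntrack -L` output (the sample lines are constructed; the addresses and ports are the ones from the rule above) and lists flows to the forwarded ports whose reply tuple still comes from the server itself.

```python
"""List conntrack entries for the forwarded ports whose reply tuple was never
rewritten to the DNAT target. Only the first packet of a connection traverses
the nat table; the conntrack entry governs everything after that."""
import re
import sys

SERVER_IP = "192.168.11.7"      # -d of the DNAT rule in the question
DNAT_TARGET = "192.168.2.19"    # "to:" of the DNAT rule
DNAT_PORTS = {5308, 21}         # multiport dports

# Constructed sample of `conntrack -L` lines (not captured from the real server):
# two translated flows, one flow to port 21 that was not, one unrelated UDP flow.
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.21.101 dst=192.168.11.7 sport=40001 dport=21 src=192.168.2.19 dst=192.168.21.101 sport=21 dport=40001 [ASSURED] mark=0 use=1
tcp      6 118 SYN_SENT src=192.168.11.2 dst=192.168.11.7 sport=40002 dport=5308 src=192.168.2.19 dst=192.168.11.2 sport=5308 dport=40002 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.11.2 dst=192.168.11.7 sport=40003 dport=21 src=192.168.11.7 dst=192.168.11.2 sport=21 dport=40003 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.11.2 dst=192.168.11.7 sport=5353 dport=53 src=192.168.11.7 dst=192.168.11.2 sport=53 dport=5353 mark=0 use=1
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def parse_line(line):
    """Return (proto, state, original, reply); each tuple is (src, dst, sport, dport)."""
    parts = line.split()
    tuples = TUPLE_RE.findall(line)
    if len(parts) < 4 or len(tuples) != 2:
        return None
    # TCP lines carry a state word (ESTABLISHED, SYN_SENT, ...) before the first
    # tuple; UDP lines do not, so their fourth field is already "src=...".
    state = parts[3] if "=" not in parts[3] else "-"
    return parts[0], state, tuples[0], tuples[1]

def untranslated_flows(text):
    """Flows aimed at SERVER_IP on a forwarded port whose reply still comes from
    the server itself rather than DNAT_TARGET, i.e. the DNAT rule never applied."""
    found = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        proto, state, orig, reply = parsed
        if proto != "tcp" or orig[1] != SERVER_IP or int(orig[3]) not in DNAT_PORTS:
            continue
        if reply[0] != DNAT_TARGET:
            found.append((orig[0], int(orig[2]), int(orig[3]), state))
    return found

if __name__ == "__main__":
    # Read real output from a pipe (`conntrack -L | python3 check_dnat.py`), else use SAMPLE.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for src, sport, dport, state in untranslated_flows(data):
        print(f"not translated: {src}:{sport} -> {SERVER_IP}:{dport} ({state})")
```

An entry that shows up here while the PREROUTING counter keeps climbing points at the connection tracking state rather than at the rule itself; deleting that entry (conntrack -D) forces the next packet back through the nat table.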