I striked some NAT trouble and see no way even how to dig it.
I am running a gateway, which serves as firewall between LAN and Internat and
also as endpoint for multiple GRE tunnels. Traffic incapsulated in GRE is
encrypted with IPSEC policies. Routes are made with OSPF (quagga).
Everything work fine.
And some in LAN host pings through NAT remote gateway (remote ends of
tunnels). May be he is concerned is some way.
In some time one of tunnels gets down.
No traffic passes over GRE, but I can see incoming ESP packets.
And I see strange NAT in iptstate:
IPTState - IPTables State Top
Version: 2.1 Sort: SrcIP b: change sorting h: help
Filters: dst: 220.127.116.11
Source Destination Proto State TTL
18.104.22.168 22.214.171.124 esp 0:09:54
172.16.16.11 126.96.36.199 gre 0:09:54
The first row represents valid track for esp traffic.
But I have no clues for cause of second record.
I have in iptables disabled GRE forwarding, host 172.16.16.11 has no GRE
configured at all. Only ICMP packets travels through NAT.
# uname -a
Linux gw.prodo.ru 2.6.18-6-686 #1 SMP Sun Feb 10 22:11:31 UTC 2008 i686
I recently reinstalled from scratch 172.16.16.11 but problem persisted (as on
old address that was 172.16.16.9)
If I delete tunnels on both system, wait for TTL expire and recreate, all
works. Until some moment X, when problem resurvives.