Hello all.

I have a WISP provider, and on my PPPoE server I use iptables to NAT the ppp interfaces to a valid IP address.

Everything works fine, but in a routine check I captured packets leaving the WAN interface without NAT applied.

My iptables rules look like this in nat table:

1-> iptables -t nat -A POSTROUTING -o $WAN -s PRIVATE_IP_CLIENT_1 -j SNAT --to PUBLIC_IP1
2-> iptables -t nat -A POSTROUTING -o $WAN -s PRIVATE_IP_CLIENT_2 -j SNAT --to PUBLIC_IP2
N -> ...
X -> iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

As you can see, rule X is a catch-all.

Here is a tcpdump of an interface.

I'm using Shorewall as an iptables frontend.

Does anyone know what is happening?

Regards

Alex

08:07:28.085473 IP (tos 0x0, ttl 125, id 19533, offset 0, flags [DF], proto: TCP (6), length: 143) 10.10.167.13.63804 > 218.186.82.37.5457: FP 539844940:539845043(103) ack 3879129841 win 65416

08:07:34.229474 IP (tos 0x0, ttl 126, id 4034, offset 0, flags [DF], proto: TCP (6), length: 40) 10.10.149.69.1102 > 200.193.10.253.80: F, cksum 0x9eb5 (correct), 2160792645:2160792645(0) ack 1761713701 win 64826

08:07:34.229573 IP (tos 0x0, ttl 126, id 4035, offset 0, flags [DF], proto: TCP (6), length: 40) 10.10.149.69.1103 > 200.193.10.253.80: F, cksum 0xe2d8 (correct), 4190516671:4190516671(0) ack 1773977804 win 64318

08:07:36.205875 IP (tos 0x0, ttl 126, id 52255, offset 0, flags [DF], proto: TCP (6), length: 40) 10.10.167.215.2478 > 88.226.192.80.4662: F, cksum 0xba26 (correct), 1570289053:1570289053(0) ack 3650888539 win 65158

08:07:36.606658 IP (tos 0x0, ttl 126, id 52279, offset 0, flags [DF], proto: TCP (6), length: 40) 10.10.167.215.2516 > 78.172.187.125.4662: F, cksum 0xd4b1 (correct), 2629351951:2629351951(0) ack 2248091537 win 65203

08:07:38.255810 IP (tos 0x0, ttl 125, id 19819, offset 0, flags [DF], proto: TCP (6), length: 46) 10.10.167.13.63878 > 113.14.46.10.6647: FP, cksum 0xa020 (correct), 1932112766:1932112772(6) ack 3962097462 win 65535
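
A check for the symptom described in this post, added here as an example and not part of the original message: it scans tcpdump text taken on the WAN side for packets whose source is still an RFC 1918 address and tallies their TCP flags. The sample reuses three lines from the capture above plus one constructed line with a public source; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges are listed explicitly; ipaddress.is_private also covers
# documentation and other special-purpose ranges, which is too broad here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# src.port > dst.port: FLAGS  (verbose tcpdump layout as shown in the post)
LINE = re.compile(
    r"\) (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): ([A-Z.]+)")

# Three lines from the post's capture; the last line is constructed.
SAMPLE = """\
08:07:28.085473 IP (tos 0x0, ttl 125, id 19533, offset 0, flags [DF], proto: TCP (6), length: 143) 10.10.167.13.63804 > 218.186.82.37.5457: FP 539844940:539845043(103) ack 3879129841 win 65416
08:07:34.229474 IP (tos 0x0, ttl 126, id 4034, offset 0, flags [DF], proto: TCP (6), length: 40) 10.10.149.69.1102 > 200.193.10.253.80: F, cksum 0x9eb5 (correct), 2160792645:2160792645(0) ack 1761713701 win 64826
08:07:36.205875 IP (tos 0x0, ttl 126, id 52255, offset 0, flags [DF], proto: TCP (6), length: 40) 10.10.167.215.2478 > 88.226.192.80.4662: F, cksum 0xba26 (correct), 1570289053:1570289053(0) ack 3650888539 win 65158
08:07:40.000000 IP (tos 0x0, ttl 63, id 1, offset 0, flags [DF], proto: TCP (6), length: 40) 203.0.113.7.40000 > 198.51.100.9.80: S, cksum 0x0000 (correct), 1:1(0) win 5840
"""


def find_unnatted(capture):
    """Return (src, dst, tcp_flags) for packets still carrying a private source."""
    leaks = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a TCP line in the expected layout
        src = ipaddress.ip_address(m.group(1))
        if any(src in net for net in RFC1918):
            leaks.append((str(src), m.group(3), m.group(5)))
    return leaks


def flag_summary(leaks):
    """Count leaked packets per TCP flag combination."""
    return Counter(flags for _, _, flags in leaks)


if __name__ == "__main__":
    found = find_unnatted(SAMPLE)
    for src, dst, flags in found:
        print(f"un-NATed: {src} -> {dst} flags={flags}")
    print(dict(flag_summary(found)))
```

Every leaked packet in the capture above carries FIN, which is consistent with segments that conntrack no longer associates with a tracked connection; such packets do not traverse the nat table, so neither the SNAT rules nor the MASQUERADE catch-all apply to them.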