It is behind my ISP cable modem; I had to get it set up in bridging mode after the last time they upgraded it. My router is showing all the tunnel traffic (via tcpdump), so I'm fairly certain the modem isn't the issue.
Ok. I heard before from other members of this group that they had a similar
setup, yet I was never able to ping them unless they first pinged me.
Central to my confusion at the moment is that the rule in the nat PREROUTING chain isn't counting packets.
Remember that iptables NAT processing in Linux is stateful. It only sees
"new" traffic for a connection. Once a connection is in the NAT table, the
traffic goes "around" those rules much like Established/Related traffic in
the filter tables, but without an explicit visible rule for that purpose.
So, when you ping outward over a tunnel, you will not see those rules matching, yet the traffic is forwarded as the reply to your outgoing pings.
Only when you ping from somewhere else are those rules going to be of influence.
But of course they only see traffic when it actually arrives on your router.
Rob
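The behaviour Rob describes can be made concrete with a small model of conntrack gating the nat table. This is an added example, not code from anyone in the thread: it simulates a router with one DNAT rule in nat PREROUTING and one SNAT rule in nat POSTROUTING, tracks ICMP echo flows by identifier the way conntrack does, and only lets packets in state NEW traverse the nat chains. All addresses (a WAN address, a LAN host, a remote peer) are constructed for the demonstration; the rule names and the `Router` class are assumptions of the model, not kernel API. On a real box the equivalent checks are `iptables -t nat -L PREROUTING -v -n` for the counters and `conntrack -L` to see which flows already exist.

```python
"""Toy model of how Linux conntrack gates the iptables nat table.

Constructed example: RFC 5737 documentation addresses plus one private LAN
host. Nothing here touches a real kernel; it only reproduces the rule that
the nat chains are consulted for the first packet of a flow (state NEW) and
bypassed for everything conntrack already knows about.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    flow_id: int      # ICMP echo identifier; conntrack pairs request and reply on it


@dataclass
class Rule:
    chain: str                 # "PREROUTING" (DNAT) or "POSTROUTING" (SNAT)
    new_addr: str              # address written into the packet on match
    match_dst: Optional[str] = None
    match_src: Optional[str] = None
    packets: int = 0           # the counter you would read with `iptables -t nat -L -v -n`

    def matches(self, p: Pkt) -> bool:
        return ((self.match_dst is None or p.dst == self.match_dst)
                and (self.match_src is None or p.src == self.match_src))


@dataclass
class Entry:
    """One conntrack entry: the original tuple plus the post-NAT tuple."""
    src: str
    dst: str
    nat_src: str
    nat_dst: str


class Router:
    def __init__(self, rules):
        self.rules = rules
        self.by_orig = {}    # (src, dst, id) as seen in the original direction
        self.by_reply = {}   # (src, dst, id) expected on the reply direction

    def handle(self, p: Pkt):
        """Return (conntrack state, packet as it leaves the router)."""
        key = (p.src, p.dst, p.flow_id)
        if key in self.by_orig:                      # known flow, same direction
            e = self.by_orig[key]
            return "ESTABLISHED", Pkt(e.nat_src, e.nat_dst, p.flow_id)
        if key in self.by_reply:                     # reply to a known flow: undo the NAT
            e = self.by_reply[key]
            return "ESTABLISHED", Pkt(e.dst, e.src, p.flow_id)
        # Only NEW packets walk the nat chains; this is the only place counters move.
        src, dst = p.src, p.dst
        for r in self.rules:                         # PREROUTING first, then POSTROUTING
            if r.matches(Pkt(src, dst, p.flow_id)):
                r.packets += 1
                if r.chain == "PREROUTING":
                    dst = r.new_addr
                else:
                    src = r.new_addr
        e = Entry(p.src, p.dst, src, dst)
        self.by_orig[key] = e
        self.by_reply[(dst, src, p.flow_id)] = e     # what the peer's answer will look like
        return "NEW", Pkt(src, dst, p.flow_id)


WAN, LAN, REMOTE = "198.51.100.1", "192.168.1.10", "203.0.113.5"   # constructed addresses


def run_scenario():
    dnat = Rule("PREROUTING", new_addr=LAN, match_dst=WAN)     # forward pings at the WAN address inward
    snat = Rule("POSTROUTING", new_addr=WAN, match_src=LAN)    # masquerade the LAN host on the way out
    router = Router([dnat, snat])
    steps = [
        Pkt(LAN, REMOTE, 1),   # LAN host pings out: NEW, SNAT counter increments
        Pkt(REMOTE, WAN, 1),   # echo reply: dst equals the DNAT match, yet DNAT is never consulted
        Pkt(LAN, REMOTE, 1),   # next request in the same flow: still ESTABLISHED, no counter moves
        Pkt(REMOTE, WAN, 7),   # remote pings the router first: NEW, now the DNAT counter moves
        Pkt(LAN, REMOTE, 7),   # LAN host's reply: NAT undone, source rewritten back to WAN
    ]
    trace = [router.handle(p) for p in steps]
    return dnat, snat, trace


if __name__ == "__main__":
    dnat, snat, trace = run_scenario()
    for state, out in trace:
        print(f"{state:<12} -> {out.src} > {out.dst} id={out.flow_id}")
    print("PREROUTING DNAT counter:", dnat.packets, "| POSTROUTING SNAT counter:", snat.packets)
```

The second step is the one that explains the zero counter in the thread: the echo reply arrives with the WAN address as its destination, which is exactly what the PREROUTING rule matches, but conntrack recognises it as the reply half of the flow the LAN host opened and the nat chain is skipped. The rule only counts once the remote side opens a flow of its own (step 4), which matches the observation that pings only work after the other side pings first.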