Thank you, Phil - that might be the answer. I'm not super knowledgeable about iptables, and I certainly didn't configure it this way (specifically), but the one problematic node does seem to have a postrouting chain. I'll have to investigate how this came about and how to remove, but perhaps this is it:
[root@foo:~]# iptables -t nat -nvL Chain PREROUTING (policy ACCEPT 155M packets, 15G bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 270K packets, 15M bytes) pkts bytes target prot opt in out source destination 105M 13G MASQUERADE all -- * eth+ 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 105M packets, 13G bytes) pkts bytes target prot opt in out source destination cheers and thanks, Ian Veach, Senior Systems Analyst System Computing Services, Nevada System of Higher Education On Tue, Jul 19, 2016 at 3:10 AM, Phil Mayers <p.may...@imperial.ac.uk> wrote: > On 19/07/16 00:38, Ian Veach wrote: > >> >> Negative Ghostrider...: >> >> [root@foo:~]# iptables -t raw -nvL >> > > Might want to check "-t nat" as well. > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and responses, unless otherwise made confidential by law, may be subject to the Nevada Public Records laws and may be disclosed to the public upon request.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
