Iptables forwarding flapping

http://forums.fedoraforum.org – I hope I can articulate my problem in as few words as needed.

I have two networks, each with its own firewall and an IPsec connection between them. One firewall (F8) is also the virtual machine host for the web server. 192.168.700.1 (F6) is my other firewall. 192.168.700.2 (F6) is an application server behind it. I have an OpenSwan 2.4.9 IPsec connection between these networks.

I have iptables forwarding rules that redirect any port 80 or 443 traffic aimed at one address on to the web server, with source masquerading in the other direction:

Code:
# The addresses in the original post did not survive extraction; $PUB_IP,
# $WEB_IP and $SNAT_IP stand in for them here. $IF and $INIF are the
# external interface and the interface toward the web server, as in the post.
IPT=/sbin/iptables

# Accepts port 80/443 on the firewall itself; DNAT'd packets are not matched
# here, they pass through FORWARD instead.
$IPT -A INPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
$IPT -A FORWARD -p tcp -i $IF --dport 80 -o $INIF -d $WEB_IP -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 80 -d $PUB_IP -j DNAT --to-destination $WEB_IP

$IPT -A INPUT -s 0/0 -p tcp --dport 443 -j ACCEPT
$IPT -A FORWARD -p tcp -i $IF --dport 443 -o $INIF -d $WEB_IP -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 443 -d $PUB_IP -j DNAT --to-destination $WEB_IP

# Rewrite the source of forwarded traffic toward the web server.
$IPT -t nat -A POSTROUTING -d $WEB_IP -o $INIF -j SNAT --to-source $SNAT_IP

Sporadically, a warning from my app server will say that the host is down. I'll ping it from my firewall (192.168.700.1) and all will be well. If I ping from the app server (192.168.700.2), no response happens. When I do a traceroute from 192.168.700.2, I get:

Code:
traceroute to (, 30 hops max, 60 byte packets
 1  wall.mysystem.com (192.168.700.1)  0.134 ms  0.061 ms  0.072 ms
 2  (  25.826 ms  26.041 ms  26.025 ms

The funny (strange) thing is that if I perform a

Code:
service ipsec restart

this fixes things, but only for a while. Ditto with

Code:
service firestarter restart

Yet if I ignore the warning messages my server spews, the problem, whatever it is, fixes itself. :confused:

Any thoughts? Specific additional info can be provided upon request.

Cheers
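The port-forward rules from the post, rebuilt as a script that can be dry-run before it touches a live firewall. This is an added example, not the poster's script: the interface names and the RFC 5737 addresses are placeholders, the FORWARD state rule and the `-m policy --pol ipsec` exemption in POSTROUTING are additions that reflect common practice for a NAT box that also terminates a tunnel, and nothing here claims to explain the flapping the thread describes. With `IPT` unset the script prints the rules instead of applying them; `check_rules` catches the single-dash `-dport` typo present in the original rule set.

```shell
#!/bin/sh
# Added example (not from the original post). Renders the DNAT/SNAT port-forward
# rules with corrected syntax. Addresses and interface names are placeholders.
# Dry run by default; set IPT=/sbin/iptables to apply on a real host (as root).

IF="${IF:-eth0}"                      # external interface (assumed name)
INIF="${INIF:-virbr0}"                # interface toward the web-server VM (assumed name)
PUB_IP="${PUB_IP:-203.0.113.10}"      # address clients connect to (placeholder, RFC 5737)
WEB_IP="${WEB_IP:-192.0.2.10}"        # web server VM (placeholder, RFC 5737)
FW_INT_IP="${FW_INT_IP:-192.0.2.1}"   # firewall's address on INIF, SNAT source (placeholder)

# Run iptables if IPT is set, otherwise print the command that would run.
ipt() {
    if [ -n "${IPT:-}" ]; then "$IPT" "$@"; else echo "iptables $*"; fi
}

# One TCP port: allow it through FORWARD and DNAT it to the web server.
# No INPUT rule is needed for DNAT'd traffic; it never reaches the host.
forward_port() {
    port="$1"
    ipt -A FORWARD -p tcp -i "$IF" -o "$INIF" -d "$WEB_IP" --dport "$port" -j ACCEPT
    ipt -t nat -A PREROUTING -p tcp -i "$IF" -d "$PUB_IP" --dport "$port" \
        -j DNAT --to-destination "$WEB_IP"
}

install_rules() {
    # Return traffic of forwarded connections; the post's rule set has no state rule.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Assumption: traffic that an IPsec policy will encapsulate is exempted from
    # source NAT so the tunnel's selectors still match it. Standard practice on a
    # NAT gateway that terminates IPsec, not a diagnosis of the poster's issue.
    ipt -t nat -A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT
    for p in 80 443; do forward_port "$p"; done
    # Forwarded traffic toward the VM leaves with the firewall's address so the
    # VM's replies come back through the firewall (the post's SNAT rule).
    ipt -t nat -A POSTROUTING -d "$WEB_IP" -o "$INIF" -j SNAT --to-source "$FW_INT_IP"
}

# Sanity-check a rendered rule set: reject the single-dash '-dport' typo seen in
# the thread and require both forwarded ports to be present. Returns 0 on pass.
check_rules() {
    rules="$1"
    if printf '%s\n' "$rules" | grep -q -- ' -dport '; then
        return 1
    fi
    printf '%s\n' "$rules" | grep -q -- '--dport 80' &&
        printf '%s\n' "$rules" | grep -q -- '--dport 443'
}

RULES=$(install_rules)
printf '%s\n' "$RULES"
check_rules "$RULES" && echo "rule syntax OK"
```

Run it once without `IPT` to read the rendered rules, then `IPT=/sbin/iptables sh script.sh` to apply them; the rendered text is what `check_rules` inspects, so the check works on the dry run as well as on a captured `iptables-save`-style listing.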