I configured a tunnel between my network and a remote network with OpenSwan. On my tunnel endpoint, running on Ubuntu, I added iptables rules to disable source NAT (SNAT) when the destination was the remote network. Packets sent from my network to the remote network will be sent with the private IP address as source.
Here's what my NAT table looks like:
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere ! <remote_network>
This all worked fine for a while, but at some point the tunnel was down. It appeared that my more restrictive rule had been replaced by the generic rule that performs SNAT on all packets. Other rules in the FORWARD table were also removed. The server has not been rebooted for more than 300 days!
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
I tried adding a script in /etc/network/if-up.d to restore my config every time the networking service restarted, but that didn't help. I also installed the package 'iptables-persistent', but that didn't help either.
My tunnel endpoint is also running OpenVPN for other purposes.
What process is likely to change my iptables like that? How can I make sure it won't be changed again?
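One way to detect the drift described in the question before the tunnel silently breaks, as an added example that is not part of the original post: a small check that inspects the nat POSTROUTING chain in `iptables -t nat -S` syntax and reports whether the catch-all MASQUERADE rule has replaced the one that excludes the remote network. The remote network 10.20.0.0/16 and the sample rule sets are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Checks the nat POSTROUTING
# chain for the drift described above: the `! -d <remote_network>` MASQUERADE
# rule being replaced by a MASQUERADE rule with no destination match.
REMOTE_NET="${REMOTE_NET:-10.20.0.0/16}"   # assumed placeholder for <remote_network>

# check_postrouting RULES
#   RULES: text in `iptables -t nat -S POSTROUTING` format, one rule per line.
#   Returns 0 when the exclusion rule is present and no catch-all MASQUERADE
#   rule exists; returns 1 (and prints the reason) otherwise.
check_postrouting() {
    rules="$1"
    # A catch-all is any MASQUERADE rule that carries no destination match.
    if printf '%s\n' "$rules" | grep -- '-j MASQUERADE' | grep -qv -- '-d '; then
        echo "DRIFT: catch-all MASQUERADE rule present (SNAT applies to the tunnel)"
        return 1
    fi
    if ! printf '%s\n' "$rules" | grep -q -- "! -d $REMOTE_NET .*-j MASQUERADE"; then
        echo "DRIFT: MASQUERADE exclusion for $REMOTE_NET is missing"
        return 1
    fi
    echo "OK: POSTROUTING still excludes $REMOTE_NET from SNAT"
    return 0
}

# Constructed sample output, as `iptables -t nat -S POSTROUTING` would print it.
GOOD_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING ! -d 10.20.0.0/16 -j MASQUERADE'
BAD_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -j MASQUERADE'

# Run against the samples; on a live endpoint use instead:
#   check_postrouting "$(iptables -t nat -S POSTROUTING)"
check_postrouting "$GOOD_RULES"
check_postrouting "$BAD_RULES"
```

Running this from cron (or after each OpenSwan/OpenVPN restart) gives a timestamped record of when the rule changes, which narrows down which service is rewriting the table.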