To clear things up: Connection which was up was not blocked in FORWARD? You only changed rule in PREROUTING ("...different source address...")? If so, "old" connection just didn't hit prerouting as it's already been there, and forward isn't dropping its packets. To me it seems to behave as expected.

On Thursday 26 January 2006 17:15, Ethy H. Brito wrote:
> On Thu, 26 Jan 2006 08:58:34 -0600
> I did this. Stopped (flushed) all (I really mean all) rules and started them
> again with a different source address for NAT rules. My surprise was that
> that old NAT connection continued to flow despite the fact there was no
> rule at NAT filter for it. I suppose this old connection is still flowing
> because conntrack database states it as ESTABLISHED and it is grabbed by
> "ESTABLISHED, RELATED -j ACCEPT" rule. Did I make myself clear?
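An added example, not part of the original thread: a sketch that lists flows the conntrack table is still translating although their source no longer matches the reloaded NAT rules, which is the situation described above. The `conntrack -L` style text layout, the function names and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in `conntrack -L` style (not taken from the thread).
SAMPLE = """\
tcp 6 431990 ESTABLISHED src=10.0.0.5 dst=203.0.113.80 sport=40112 dport=80 src=203.0.113.80 dst=198.51.100.1 sport=80 dport=40112 [ASSURED] mark=0 use=1
tcp 6 431200 ESTABLISHED src=10.0.1.9 dst=203.0.113.80 sport=51514 dport=443 src=203.0.113.80 dst=198.51.100.1 sport=443 dport=51514 [ASSURED] mark=0 use=1
tcp 6 300 ESTABLISHED src=10.0.0.7 dst=10.0.0.1 sport=50022 dport=22 src=10.0.0.1 dst=10.0.0.7 sport=22 dport=50022 [ASSURED] mark=0 use=1
udp 17 25 src=10.0.0.5 dst=203.0.113.53 sport=5353 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.1 sport=53 dport=5353 mark=0 use=1
"""

TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def parse_entry(line):
    """Return (proto, state, original_tuple, reply_tuple) or None."""
    fields = line.split()
    tuples = TUPLE.findall(line)
    if len(fields) < 4 or len(tuples) != 2:
        return None
    # UDP entries carry no state column; the tuple starts right away.
    state = None if fields[3].startswith("src=") else fields[3]
    return fields[0], state, tuples[0], tuples[1]

def is_natted(orig, reply):
    """Without NAT the reply tuple is the exact mirror of the original."""
    o_src, o_dst, o_sp, o_dp = orig
    return reply != (o_dst, o_src, o_dp, o_sp)

def orphaned_nat_flows(text, nat_sources):
    """Flows still translated by conntrack whose original source matches
    none of the source networks used in the reloaded NAT rules."""
    nets = [ipaddress.ip_network(n) for n in nat_sources]
    found = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        proto, state, orig, reply = entry
        src = ipaddress.ip_address(orig[0])
        if is_natted(orig, reply) and not any(src in n for n in nets):
            found.append((proto, state, orig[0], orig[1], reply[1]))
    return found

if __name__ == "__main__":
    # Assumed scenario: NAT rules were reloaded to match 10.0.1.0/24 only.
    for flow in orphaned_nat_flows(SAMPLE, ["10.0.1.0/24"]):
        print(flow)
```

Entries reported this way keep their translation until they time out or are deleted from the table, for example with `conntrack -D` from conntrack-tools.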