On Feb 29 2008 16:19, Nishit Shah wrote: > >Hi, > I have following iptable rule in system. > > iptables -I PREROUTING -t nat -p tcp --dport 443 -j REDIRECT >--to-ports 3128 > kernel - 2.6.16.13 > > I am using following scenario for load testing > > 192.168.206.200 -----> 192.168.121.125 -----> 72.14.223.83 > Client iptables/proxy server server > > and I am getting following entry through conntrack binay as well as >in /proc/net/ip_conntrack > > [NEW] tcp 6 120 NONE src=192.168.206.200 dst=72.14.223.83 >sport=63423 dport=443 packets=1 bytes=48 [UNREPLIED] src=192.168.121.125 >dst=192.168.206.200 sport=3128 dport=46873 packets=0 bytes=0 id=28187887 > >Now here original and reverse tuples are --> > Original tuple 192.168.206.200:63423->72.14.223.83:443 > Reply tuple 192.168.121.125:3128->192.168.206.200:46873 > >So, here destination port of reverse tuple is 46873. Is it correct ? You could compare with the output of tcpdump to capture the actual on-wire situation especially regarding port 46873. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html