synapse@xxxxxxxxxxxxxxxxxxx wrote:
> root@test:~# conntrack -L -s 192.168.13.12 -q 192.168.13.12 -p tcp --orig-port-src 49939 --reply-port-src 12345
> tcp 6 431950 ESTABLISHED src=192.168.13.12 dst=217.20.131.2 sport=49939 dport=22 packets=2 bytes=112 src=127.0.0.1 dst=192.168.13.12 sport=12345 dport=49939 packets=1 bytes=60 [ASSURED] mark=0 use=1
>
> root@test:~# conntrack -G -s 192.168.13.12 -q 192.168.13.12 -p tcp --orig-port-src 49939 --reply-port-src 12345
> Operation failed: such conntrack doesn't exist

My git snapshot fails as there are missing parameters:

conntrack v0.9.7: missing IP address
Try `conntrack -h' or 'conntrack --help' for more information.

> The redirection is done as:
>
> iptables -t nat -F
> iptables -t nat -X
> iptables -t nat -Z
>
> iptables -t nat -A OUTPUT -p tcp --destination-port 22 -j REDIRECT --to-ports 1234
>
> I am using the latest Ubuntu btw (upgraded fully), with versions:
> conntrack 1.00~beta2-1

This version is very old. The conntrack package was superseded by the conntrack-tools. Please check http://conntrack-tools.netfilter.org to get the latest.

> Basically I am clueless here as to why -L shows the connection and -G doesn't. My goal is to transparently proxy outgoing connections through my program. Therefore I need to detect what its original destination would be from the information seen by the program on 12345.

As for now, the -G command requires the tuple {source, destination, source port, destination port, protocol}.

-- 
"Honest people are social misfits" -- Les Luthiers
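As an added illustration (not code from the thread or from conntrack-tools), here is how a proxy could drive the lookup from its own side: parse the `conntrack -L` line quoted above, locate the entry whose reply tuple matches the peer the proxy sees on its listening port, and build the full-tuple `conntrack -G` invocation the reply describes. The sample line is the one from the thread, embedded as a constant; the function names are my own.

```python
# Constructed sample: the conntrack -L entry quoted in the thread, on one line.
SAMPLE_LINE = (
    "tcp 6 431950 ESTABLISHED src=192.168.13.12 dst=217.20.131.2 "
    "sport=49939 dport=22 packets=2 bytes=112 src=127.0.0.1 "
    "dst=192.168.13.12 sport=12345 dport=49939 packets=1 bytes=60 "
    "[ASSURED] mark=0 use=1"
)

TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_conntrack_line(line):
    """Split one conntrack -L line into (proto, orig_tuple, reply_tuple).

    src=/dst=/sport=/dport= each appear twice: the first group is the
    original direction, the second is the reply direction.
    """
    fields = line.split()
    proto = fields[0]
    seen = {k: [] for k in TUPLE_KEYS}
    for field in fields:
        key, sep, value = field.partition("=")
        if sep and key in seen:
            seen[key].append(value)
    if any(len(v) != 2 for v in seen.values()):
        raise ValueError("expected both tuples in: %r" % line)
    orig = {k: seen[k][0] for k in TUPLE_KEYS}
    reply = {k: seen[k][1] for k in TUPLE_KEYS}
    return proto, orig, reply


def find_original_destination(lines, peer_ip, peer_port, proxy_port):
    """Return (proto, orig_dst, orig_dport) for the REDIRECTed flow the proxy accepted.

    The proxy only knows its peer (client ip/port) and its own listening port;
    with REDIRECT those show up in the *reply* tuple (dst/dport/sport), so we
    match on the reply side and read the original destination back.
    """
    for line in lines:
        proto, orig, reply = parse_conntrack_line(line)
        if (reply["dst"], reply["dport"], reply["sport"]) == (
                peer_ip, str(peer_port), str(proxy_port)):
            return proto, orig["dst"], orig["dport"]
    return None


def get_command(proto, orig):
    """Build the full original-tuple conntrack -G invocation the reply asks for."""
    return ["conntrack", "-G", "-p", proto, "-s", orig["src"], "-d", orig["dst"],
            "--orig-port-src", orig["sport"], "--orig-port-dst", orig["dport"]]
```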