Hello all,

I read the man conntrack document guide. That is great.
I have an issue while I am working on it. For example, I just want to insert a new rule in the conntrack table like this:

conntrack -I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070 --dport 5005 -r 192.168.122.1 -q 192.168.122.103 --reply-port-src 1111 --reply-port-dst 2222 --timeout 30

It is successfully inserted but doesn't work, and the traffic will go to the INPUT chain.
If I insert these two rules in iptables, the same rules as above will be inserted in the conntrack table automatically and work correctly (the traffic will traverse to the 192.168.122.1 host):

iptables -t nat -A PREROUTING -i eth0 -p udp -s 192.168.122.242 --dport 5005 -j DNAT --to 192.168.122.1:1111

iptables -t nat -A POSTROUTING -p udp --dport 1111 -j SNAT --to 192.168.122.103:2222

How can I solve this problem?
With best regards.
Mojtaba

On Thu, Apr 25, 2019 at 7:29 PM Mojtaba <mespio@xxxxxxxxx> wrote:
>
> Hello all
> I read the man conntrack document guide. That is great.
> I have an issue while I am working on it. For example, I just want to add
> a new rule like this:
> conntrack -I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070
> --dport 5005 -r 192.168.122.1 -q 192.168.122.103 --reply-port-src 1111
> --reply-port-dst 2222 --timeout 30
>
> But it doesn't work.
> If I insert these two rules in iptables, the same rule as above will be inserted
> in the conntrack table automatically and work correctly.
> iptables -t nat -A PREROUTING -i eth0 -p udp -s 192.168.122.242
> --dport 5005 -j DNAT --to 192.168.122.1:1111
>
> iptables -t nat -A POSTROUTING -p udp --dport 1111 -j SNAT --to
> 192.168.122.103:2222
> How can I solve this problem?
> With best regards.
> Mojtaba
>
>
> --
> --Mojtaba Esfandiari.S

--
--Mojtaba Esfandiari.S