On Sat, Apr 27, 2019 at 01:31:40PM +0430, Mojtaba wrote:
> Hello Pablo,
> Just for better understanding, if I want to update using the -U option, how
> can I do that?
> Suppose there is this rule in a conntrack row:
> udp 17 29 src=192.168.122.242 dst=192.168.122.103 sport=5070 dport=5005 [UNREPLIED] src=192.168.122.103 dst=192.168.122.242 sport=5005 dport=5070 mark=0 use=1
>
> and I want to update it with this command:
> conntrack -U -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070 --dport 5005 --dst-nat 192.168.122.1:1111 --src-nat 192.168.122.103:2222 --timeout 30
> Actually it was not updated and this issue was raised:
> conntrack v1.4.2 (conntrack-tools): 0 flow entries have been updated.

You cannot update an existing entry with NATs.

You can probably make your own libnetfilter_queue application that allows you to create conntrack entries from packets. If you want to do custom NAT handling for some certain traffic. You will only need to pass the first packet of the flow to userspace to set up the NAT mangling you need.

I would need to learn more on your use case for this.