On Thursday 20 February 2003 05:01 pm, Fabrizio Di Meo wrote:
> Hi,
>
> I'm using suse 7.3 and iptables v1.2.2.
>
> Performing a prerouting operation like the following one:
>
> iptables -t nat -A PREROUTING -p tcp --dport 139 -i ppp0 -j DNAT --to 192.168.1.5:139
>
> I got an anomaly because even though it's really working fine it goes
> on to forward the packets when removed by this:
>
> iptables -t nat -D PREROUTING -p tcp --dport 139 -i ppp0 -j DNAT --to 192.168.1.5:139
>
> I couldn't explain that such iptables' behaviour....is here anyone who
> can?

Very likely connection tracking still has 'live' connections, and it is
allowing them to continue. If the connection is already ESTABLISHED then
NAT will normally continue to function for that connection even if the
rule that initiated it is removed.

j
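
To see which connections are still being translated after the rule is deleted, the connection-tracking table can be filtered for entries whose reply side comes from 192.168.1.5:139. This is an added example, not part of the original thread: the function names `dnat_flows` and `count_live` are hypothetical, and the sample table (with the 203.0.113.x and 198.51.100.2 addresses) is constructed in the `/proc/net/ip_conntrack` line format.

```shell
#!/bin/sh
# Constructed sample in the /proc/net/ip_conntrack line format (not real traffic).
SAMPLE_TABLE='tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=198.51.100.2 sport=40312 dport=139 src=192.168.1.5 dst=203.0.113.7 sport=139 dport=40312 [ASSURED] use=1
tcp      6 52 TIME_WAIT src=203.0.113.9 dst=198.51.100.2 sport=40400 dport=139 src=192.168.1.5 dst=203.0.113.9 sport=139 dport=40400 [ASSURED] use=1
tcp      6 431800 ESTABLISHED src=192.168.1.5 dst=192.168.1.1 sport=1029 dport=22 src=192.168.1.1 dst=192.168.1.5 sport=22 dport=1029 [ASSURED] use=1
udp      17 20 src=192.168.1.9 dst=192.0.2.53 sport=1030 dport=53 src=192.0.2.53 dst=192.168.1.9 sport=53 dport=1030 use=1'

# dnat_flows IP PORT: read conntrack lines on stdin and print
# "state client:port -> original-dst:port" for each TCP entry whose reply
# side comes from IP:PORT while the original destination was another
# address, i.e. a connection that is still being DNAT'd to IP:PORT.
dnat_flows() {
    awk -v ip="$1" -v port="$2" '
    $1 == "tcp" {
        n = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src")   { n++; src[n] = kv[2] }
            if (kv[1] == "dst")   dst[n] = kv[2]
            if (kv[1] == "sport") sport[n] = kv[2]
            if (kv[1] == "dport") dport[n] = kv[2]
        }
        # Index 1 is the original direction, index 2 the reply direction.
        if (n == 2 && src[2] == ip && sport[2] == port && dst[1] != ip)
            printf "%s %s:%s -> %s:%s\n", $4, src[1], sport[1], dst[1], dport[1]
    }'
}

# count_live IP PORT: number of such entries still in ESTABLISHED state.
# grep -c exits non-zero on a count of 0, so the status is neutralised.
count_live() {
    dnat_flows "$1" "$2" | grep -c '^ESTABLISHED ' || true
}

# Run over the constructed sample: lists the two flows still mapped to
# 192.168.1.5:139; the plain LAN connection and the UDP entry are skipped.
printf '%s\n' "$SAMPLE_TABLE" | dnat_flows 192.168.1.5 139
```

On a 2.4-series kernel like the one in the question, the same filter can read `/proc/net/ip_conntrack` directly; entries listed there keep their NAT mapping until they close or time out, regardless of whether the PREROUTING rule still exists.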