Do the packets belong to one UDP session? If not, this number of packets
might overflow your connection-tracking table.

Ramin

On Mon, Sep 15, 2003 at 07:05:50PM -0600, Jim Redman wrote:
> [apologies if this is a duplicate - the list manager has ack'd my
> request but still bounced the first copy]
>
> I have a system that is sending UDP packets to port 995 at about 100
> packets/second. I want to redirect these to 1995 so that I can listen
> on an unprivileged port. So I:
>
> iptables -t nat -A PREROUTING -p udp --dport 995 \
>     -j REDIRECT --to-port 1995
>
> This seems to work some of the time, but most of the time not. It
> seems to work better when the connection is across a VPN which limits
> the packets to about 5-10/second. So I assume that I've hit some
> limit, however this (and a number of variants) don't seem to help:
>
> iptables -t nat -I PREROUTING -m limit --limit 1000/s \
>     --limit-burst 1000 -j ACCEPT
>
> Am I missing something obvious? Any suggestions?
>
> Thanks,
>
> Jim
>
> --
>
> Jim Redman
> (505) 662 5156 x85
> http://www.ergotech.com
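
The question in the reply can be checked on the redirecting host, because connection tracking keeps one entry per distinct address/port tuple, so many short-lived senders mean many entries. The script below is an added example, not part of the original thread: it counts UDP entries whose original destination port is 995 and grades table fill. The sample entries are constructed, the 80% warning threshold is an assumption, and the /proc paths are those of current nf_conntrack kernels rather than the 2003-era ip_conntrack.

```shell
#!/bin/sh
# Constructed sample entries in the `conntrack -L` and /proc/net/nf_conntrack
# text formats (documentation addresses, not captured from a real host).
sample_entries() {
cat <<'EOF'
udp      17 28 src=192.0.2.10 dst=192.0.2.1 sport=40001 dport=995 [UNREPLIED] src=192.0.2.1 dst=192.0.2.10 sport=1995 dport=40001 use=1
udp      17 29 src=192.0.2.10 dst=192.0.2.1 sport=40002 dport=995 [UNREPLIED] src=192.0.2.1 dst=192.0.2.10 sport=1995 dport=40002 use=1
ipv4     2 udp      17 29 src=192.0.2.11 dst=192.0.2.1 sport=40003 dport=995 [UNREPLIED] src=192.0.2.1 dst=192.0.2.11 sport=1995 dport=40003 mark=0 use=2
udp      17 10 src=192.0.2.1 dst=192.0.2.9 sport=995 dport=40500 src=192.0.2.9 dst=192.0.2.1 sport=40500 dport=995 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.12 dst=192.0.2.1 sport=51000 dport=995 src=192.0.2.1 dst=192.0.2.12 sport=995 dport=51000 [ASSURED] use=1
EOF
}

# Count entries on stdin that are UDP and whose ORIGINAL-direction destination
# port equals $1. Only the first dport= field is inspected, because the second
# one belongs to the reply tuple.
count_udp_entries() {
    awk -v port="$1" '
        $1 == "udp" || $3 == "udp" {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dport=/) {
                    if ($i == "dport=" port) n++
                    break
                }
        }
        END { print n + 0 }'
}

# Grade table fill: "full" at or above the maximum, "high" from 80% (assumed
# threshold), otherwise "ok". Arguments: current entry count, table maximum.
conntrack_status() {
    count=$1 max=$2
    if [ "$count" -ge "$max" ]; then echo full
    elif [ $((count * 100)) -ge $((max * 80)) ]; then echo high
    else echo ok
    fi
}

# Grade the running kernel's table, or report that the counters are absent.
live_conntrack_status() {
    d=/proc/sys/net/netfilter
    if [ -r "$d/nf_conntrack_count" ] && [ -r "$d/nf_conntrack_max" ]; then
        conntrack_status "$(cat "$d/nf_conntrack_count")" "$(cat "$d/nf_conntrack_max")"
    else
        echo unavailable
    fi
}

echo "sample UDP entries to port 995: $(sample_entries | count_udp_entries 995)"
echo "live table status: $(live_conntrack_status)"
```

On a live host, feed `count_udp_entries 995` from `/proc/net/nf_conntrack` instead of the sample; a count that climbs with the packet rate means each datagram is arriving as a new flow.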