On Tuesday 13 April 2004 2:54 pm, Jee J.Z. wrote:
> Hi all,
>
> I just found an interesting issue and wish to have your confirmation:
>
> My network setup is like the following:
>
> PC1 and the Internet<---->PC2<---->PC3
>
> PC2 is doing nat for PC3 and is transparent to PC3. I start transmitting a
> large file using ftp from PC1 to PC3 via PC2. During the transmission, I
> disable all the nat rules on PC2 (iptables -F & iptables -F -t nat), but
> PC2 goes on doing nat until finishing transmitting the whole file. Only
> after that the connectivity between PC1 and PC3 breaks.
>
> Could anyone tell me the reason for this phenomenon?

Connection tracking.

If you look at the packet counts in your nat rules, you will only see the
first packets of each connection - all the rest get handled in the background
by the nat-helper for ftp, and your rules don't see them.

Therefore, once the first packet of a connection has gone past, you only need
the nat-helper to keep the connection going; you don't need any nat rules any
more.

Regards,

Antony.

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

Please reply to the list; please don't CC me.
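The mechanism behind Antony's answer is that the rules in the nat table are consulted only for the first packet of a flow; the resulting mapping is stored in that flow's conntrack entry and applied to every later packet by the conntrack/NAT core, and the ftp helper adds an entry for the data channel (from the rewritten PORT/PASV exchange) in the same way. Flushing the rules therefore leaves every mapping that already exists untouched, and the transfer runs to completion. The practical caveat for anyone who expects `iptables -F -t nat` to cut off live traffic: the conntrack entries themselves have to go. The script below is an added example, not code from the thread or from the netfilter project: it reads conntrack table lines, keeps the entries that are actually being NATted (a flow whose reply tuple is not the mirror image of its original tuple), and prints the conntrack(8) `-D` commands that would remove them. The addresses and the three table lines are constructed sample data for the setup in the question (PC1 as 192.0.2.10, PC2's public side as 198.51.100.2, PC3 as 10.0.0.3) and are assumptions, as is the use of the /proc/net/nf_conntrack layout; the older /proc/net/ip_conntrack layout of 2.4 kernels, which a 2004 setup would have had, differs only in its leading columns and is parsed as well.

```shell
#!/bin/sh
# Added example (not code from the original thread). Finds the conntrack
# entries that keep NAT alive after `iptables -F -t nat` and prints the
# commands that would remove them. Works on the /proc/net/nf_conntrack layout
# ("ipv4 2 tcp 6 ...") and the older /proc/net/ip_conntrack layout
# ("tcp 6 ..."): parsing keys only on the key=value tokens, so the leading
# columns do not matter.

# Constructed sample table for the setup in the question; the addresses are
# assumed values, not taken from the thread:
#   PC1 (FTP server)                 192.0.2.10
#   PC2 public side (SNAT/DNAT)      198.51.100.2
#   PC3 (FTP client behind PC2)      10.0.0.3
# Line 1: FTP control channel PC3 -> PC1, source-NATted to PC2's address.
# Line 2: active-mode data channel PC1:20 -> PC3, destination-NATted; this is
#         the entry the ftp helper set up from the rewritten PORT command.
# Line 3: PC2's own HTTPS session, not NATted (reply tuple mirrors original).
SAMPLE_CONNTRACK='ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.3 dst=192.0.2.10 sport=40001 dport=21 src=192.0.2.10 dst=198.51.100.2 sport=21 dport=40001 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.2 sport=20 dport=40002 src=10.0.0.3 dst=192.0.2.10 sport=40002 dport=20 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 300 ESTABLISHED src=198.51.100.2 dst=203.0.113.7 sport=55555 dport=443 src=203.0.113.7 dst=198.51.100.2 sport=443 dport=55555 [ASSURED] mark=0 use=1'

# scan_conntrack MODE   (reads conntrack table lines on stdin)
#   MODE=list : print the raw entries that are being NATted
#   MODE=cmd  : print one `conntrack -D ...` command per NATted entry
scan_conntrack() {
    awk -v mode="$1" '
    {
        ns = nd = nsp = ndp = 0
        for (i = 1; i <= NF; i++) {
            if (index($i, "=") == 0) continue
            split($i, kv, "=")
            if (kv[1] == "src")   { ns++;  src[ns]    = kv[2] }
            if (kv[1] == "dst")   { nd++;  dst[nd]    = kv[2] }
            if (kv[1] == "sport") { nsp++; sport[nsp] = kv[2] }
            if (kv[1] == "dport") { ndp++; dport[ndp] = kv[2] }
        }
        # Index 1 is the original direction, index 2 the reply direction.
        # Without NAT the reply tuple is exactly the mirror of the original;
        # any address that differs means the kernel is rewriting this flow.
        natted = (src[2] != dst[1] || dst[2] != src[1])
        if (!natted) next
        # nf_conntrack lines start with the address family, ip_conntrack
        # lines start with the protocol name.
        proto = ($1 == "ipv4" || $1 == "ipv6") ? $3 : $1
        if (mode == "cmd") {
            printf "conntrack -D -p %s -s %s -d %s --sport %s --dport %s\n", proto, src[1], dst[1], sport[1], dport[1]
        } else {
            print
        }
    }'
}

nat_entries()           { printf '%s\n' "$SAMPLE_CONNTRACK" | scan_conntrack list; }
conntrack_delete_cmds() { printf '%s\n' "$SAMPLE_CONNTRACK" | scan_conntrack cmd;  }
count_nat_entries()     { nat_entries | wc -l | tr -d ' '; }

# Stand-alone run on the sample table: the two FTP entries are reported, the
# HTTPS entry is not.
nat_entries
conntrack_delete_cmds
```

On a real router the same scan is `scan_conntrack cmd < /proc/net/nf_conntrack`, and piping that into `sh` after flushing the rules tears the mapped flows down; `conntrack -F` does the same less selectively by emptying the whole table. Where conntrack-tools are not available, as on the 2.4 kernels of the thread's era, the equivalent is to stop forwarding the tracked traffic (`iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j DROP`) so that the entries time out, or to unload the conntrack modules once nothing references them. Either way, the check is the one Antony points to: watch the packet counters on the nat rules, and remember that a zero counter there says nothing about how many flows the table is still rewriting.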