On Fri, Feb 11, 2005 at 11:47:37AM -0600, Asim Shankar wrote: > However, if I "ping D" from A and B, then no entry seems to be present > in ip_conntrack. My understanding based on: > http://www.faqs.org/docs/iptables/icmpconnections.html is that I > should see something in ip_conntrack. > > Am I missing something? yeah--you're just not that fast. a conntrack entry is created when the ICMP Echo-Request is received and removed when the Echo-Reply goes out. the total elapsed time that the conntrack entry exists would be in the very low millisecond range...and i don't think your cat is that fast. -j -- "Silly customer, you cannot hurt a Twinkie!" --The Simpsons
