On Sat, 1 Oct 2005, Marek Zachara wrote:
irongate:~# tcpdump -ni eth1 udp port 4569
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
19:56:41.784463 IP 10.0.0.250.4569 > 84.16.64.240.4569: UDP, length: 25
19:56:43.785641 IP 10.0.0.250.4569 > 84.16.64.240.4569: UDP, length: 25
Odd..
Any suggestions what I could be doing wrong?
What does /proc/net/ip_conntrack say about the session?
grep 84.16.64.240 /proc/net/ip_conntrack
udp 17 50 src=10.1.1.3 dst=10.1.1.1 sport=32793 dport=53 src=10.1.1.1 dst=10.1.1.3 sport=53 dport=32793 [ASSURED] use=1
The second number (50) is the current timeout of that session.
The first src/dst/port pair is the original packet. The second pair is the
NAT info.
And what timeouts is your kernel configured with?
cat /proc/sys/net/ipv4/netfilter/conntrack_udp_timeout
cat /proc/sys/net/ipv4/netfilter/conntrack_udp_timeout_stream
Regards
Henrik
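
Added example, not part of the original message: a small parser for /proc/net/ip_conntrack lines that pulls out the remaining timeout and compares the two tuples to show whether NAT rewrote the flow. The function names are hypothetical, and the second sample line is constructed for the flow in the tcpdump output, assuming source NAT to the documentation address 192.0.2.1.

```python
# Added example: parse /proc/net/ip_conntrack lines (format as quoted above).
TUPLE_KEYS = ("src", "dst", "sport", "dport")

# The entry quoted in the message: reply tuple mirrors the original, so no NAT.
SAMPLE_PLAIN = ("udp 17 50 src=10.1.1.3 dst=10.1.1.1 sport=32793 dport=53 "
                "src=10.1.1.1 dst=10.1.1.3 sport=53 dport=32793 [ASSURED] use=1")
# Constructed entry for the flow in the tcpdump output, assuming source NAT
# to 192.0.2.1 (documentation address, not taken from the message).
SAMPLE_SNAT = ("udp 17 28 src=10.0.0.250 dst=84.16.64.240 sport=4569 dport=4569 "
               "[UNREPLIED] src=84.16.64.240 dst=192.0.2.1 sport=4569 dport=4569 use=1")


def parse_conntrack_line(line):
    """Return proto, remaining timeout (s), state, flags and both tuples."""
    tokens = line.split()
    if len(tokens) < 3:
        raise ValueError("not a conntrack entry: %r" % line)
    entry = {"proto": tokens[0], "timeout": int(tokens[2]),
             "state": None, "flags": [], "tuples": []}
    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].append(tok[1:-1])      # e.g. ASSURED, UNREPLIED
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key == "src":                      # each tuple starts with src=
                entry["tuples"].append({})
            if key in TUPLE_KEYS and entry["tuples"]:
                entry["tuples"][-1][key] = value
        elif entry["state"] is None:
            entry["state"] = tok                  # TCP only, e.g. ESTABLISHED
    if len(entry["tuples"]) != 2:
        raise ValueError("expected original and reply tuple: %r" % line)
    return entry


def nat_kind(entry):
    """Compare the reply tuple with the mirrored original tuple."""
    orig, reply = entry["tuples"]
    kinds = []
    if (reply.get("dst"), reply.get("dport")) != (orig.get("src"), orig.get("sport")):
        kinds.append("snat")                      # replies go to a rewritten source
    if (reply.get("src"), reply.get("sport")) != (orig.get("dst"), orig.get("dport")):
        kinds.append("dnat")                      # replies come from a rewritten destination
    return "+".join(kinds) or "none"


if __name__ == "__main__":
    for line in (SAMPLE_PLAIN, SAMPLE_SNAT):
        e = parse_conntrack_line(line)
        print(e["proto"], e["timeout"], e["flags"], nat_kind(e))
```

An entry for the 84.16.64.240 flow that reports "none" while the capture on eth1 still shows 10.0.0.250 as source means the session was tracked before the NAT rule applied and keeps its mapping until the timeout expires.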