On Fri, 7 Oct 2005, Marek Zachara wrote:
> here is the conntrack entry:
>
> irongate:~# cat /proc/net/ip_conntrack |grep 4569
> udp 17 28 src=10.0.0.250 dst=83.16.54.250 sport=4569 dport=4569 [UNREPLIED] src=83.16.54.250 dst=10.0.0.250 sport=4569 dport=4569 use=1
This connection is not NAT:ed..
> the counter at iptables got only 8 packets, but the router has been up for about 6 hours and these packets are being sent every few seconds:
>
> Chain POSTROUTING (policy ACCEPT 73434 packets, 3691K bytes)
>  pkts bytes target prot opt in out source    destination
>     8   704 SNAT   udp  --  *  eth1 0.0.0.0/0 0.0.0.0/0  udp dpt:4569 to:192.168.100.1
And you are positively sure the data stream was not known to conntrack before you added the NAT rule?
Unfortunately it is impossible to tell from a conntrack entry when it was created, and since this application uses fixed port numbers, once the connection gets into conntrack it's very likely the conntrack entry may have been around for quite some time.. Unlike most client traffic, where a new source port is selected in each connection attempt, making them classify as new conntrack entries.
Regards Henrik
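Added example, not code from the thread or from either poster: a shell function that applies the same check Henrik did by eye, comparing the original and expected-reply tuples of one ip_conntrack line to tell whether the entry is being NATed at all. The sample lines are constructed; the first mirrors the quoted entry, the second is what the same flow would look like if the SNAT rule had been applied when the entry was created.

```shell
#!/bin/sh
# Added example (not from the thread). Parses one line in the 2.6-era
# /proc/net/ip_conntrack text format and reports "nat" or "no-nat".
# Both tuples are printed as src/dst/sport/dport; the first is the
# original direction, the second the direction conntrack expects replies
# from. Without NAT the reply tuple is simply the original tuple mirrored.
# With SNAT the reply dst differs from the original src; with DNAT the
# reply src differs from the original dst.

# Usage: conntrack_nat_state "<one ip_conntrack line>"
conntrack_nat_state() {
    printf '%s\n' "$1" | awk '
    {
        n = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src")        { n++; src[n] = kv[2] }
            else if (kv[1] == "dst")   { dst[n] = kv[2] }
            else if (kv[1] == "sport") { sport[n] = kv[2] }
            else if (kv[1] == "dport") { dport[n] = kv[2] }
        }
        if (n < 2) { print "malformed"; exit }
        # reply dst/dport must mirror original src/sport, else SNAT
        if (src[1] != dst[2] || sport[1] != dport[2]) print "nat"
        # reply src/sport must mirror original dst/dport, else DNAT
        else if (dst[1] != src[2] || dport[1] != sport[2]) print "nat"
        else print "no-nat"
    }'
}

# Constructed sample entries. UNNATED copies the entry quoted above;
# SNATED shows the reply tuple an applied "to:192.168.100.1" rule would give.
UNNATED='udp 17 28 src=10.0.0.250 dst=83.16.54.250 sport=4569 dport=4569 [UNREPLIED] src=83.16.54.250 dst=10.0.0.250 sport=4569 dport=4569 use=1'
SNATED='udp 17 28 src=10.0.0.250 dst=83.16.54.250 sport=4569 dport=4569 [UNREPLIED] src=83.16.54.250 dst=192.168.100.1 sport=4569 dport=4569 use=1'

for line in "$UNNATED" "$SNATED"; do
    printf '%s: %s\n' "$(conntrack_nat_state "$line")" "$line"
done
```

Because the NAT decision is bound to the entry when it is created, a "no-nat" result on an entry that a rule should match means the entry predates the rule; it has to expire or be removed before the rule can take effect.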