On Monday 24 October 2005 at 16:58 +0200, LE BER Erwan RD-CORE-LAN wrote:
> Hello,
>
> I'm using iptables on an embedded Linux platform. I applied a first
> PREROUTING DNAT rule, it's OK.
> But now I need to update the rule to route this packet to another
> terminal. I have flushed my iptables rules and created another, but the
> packets always go to the first terminal.
> Can you help me with updating an iptables rule without stopping the packet
> flow?

In fact, this is not possible without kernel interaction. NAT chains are only hit at the first packet; the connection tracking then stores the translation done and keeps it for the whole connection.

Maybe you could have a look at the connmark tool that will be available with 2.6.14. It seems to be able to update conntrack entries, which could be a nice workaround.

Regards,
--
Éric Leblond, eleblond@xxxxxx
Phone: 01 44 89 46 40, Fax: 01 44 89 45 01
INL, http://www.inl.fr
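The behaviour described in the reply, as an added example that is not part of the original message: a simplified Python model (not kernel code) of PREROUTING DNAT plus connection tracking, showing why flushing and re-adding a rule leaves an established flow on the old terminal. The class, method names and all addresses are constructed for illustration, and conntrack timeouts are not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class NatBox:
    """Toy model: DNAT rules are consulted only when a flow has no conntrack entry."""
    dnat_rules: dict = field(default_factory=dict)  # (proto, dst_ip, dst_port) -> (ip, port)
    conntrack: dict = field(default_factory=dict)   # flow 5-tuple -> translated destination

    def set_rule(self, proto, dst_ip, dst_port, to_ip, to_port):
        self.dnat_rules[(proto, dst_ip, dst_port)] = (to_ip, to_port)

    def flush_rules(self):
        # Flushing the NAT rules does not touch the connection tracking table.
        self.dnat_rules.clear()

    def route(self, flow):
        """Return the (ip, port) a packet of this flow is delivered to."""
        if flow in self.conntrack:
            # Known connection: reuse the stored translation, skip the NAT chain.
            return self.conntrack[flow]
        proto, _src_ip, _src_port, dst_ip, dst_port = flow
        # First packet: evaluate the rule (or pass through untranslated).
        target = self.dnat_rules.get((proto, dst_ip, dst_port), (dst_ip, dst_port))
        self.conntrack[flow] = target
        return target

    def update_entry(self, flow, to_ip, to_port):
        # Models the workaround mentioned in the reply: rewriting the stored entry.
        if flow not in self.conntrack:
            raise KeyError("no conntrack entry for this flow")
        self.conntrack[flow] = (to_ip, to_port)


def demo():
    box = NatBox()
    # Constructed sample flows: (proto, src_ip, src_port, dst_ip, dst_port)
    stream = ("udp", "198.51.100.7", 5004, "192.0.2.1", 6000)
    new_stream = ("udp", "198.51.100.8", 5004, "192.0.2.1", 6000)

    box.set_rule("udp", "192.0.2.1", 6000, "10.0.0.11", 6000)  # first terminal
    first = box.route(stream)
    box.flush_rules()
    box.set_rule("udp", "192.0.2.1", 6000, "10.0.0.12", 6000)  # second terminal
    after_flush = box.route(stream)      # established flow: still first terminal
    fresh = box.route(new_stream)        # new flow: hits the new rule
    box.update_entry(stream, "10.0.0.12", 6000)
    after_update = box.route(stream)     # established flow now follows the update
    return first, after_flush, fresh, after_update
```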