Hello, thanks for your reply! See my comments below. KOVACS Krisztian <hidden@xxxxxxxxxx> írta: > > Hi, > > On Tuesday 14 February 2006 10:34, Keserű Kornél wrote: > > I'm using iptables (v1.3.4 on a 2.6.15.3 kernel) in order to NAT > > incoming UDP packets arriving on a single IP:port (1-1 rules in PRE- > > and POSTROUTING chains in the nat table). I found out that packets are > > Why do you need two rules here? Redirecting incoming UDP packets to a > single IP:port has nothing to do with POSTROUTING, it's a single rule on > PREROUTING. I also have to modify the source of the packets not only the destination (I want to realize NAT). Maybe my sentence (about redirection) was misleading. > > > How could I find out, why are the packets lost? Is there a log entry > > somewhere that says if an UDP packet was dropped because of... ? > > Try monitoring /proc/net/stat/ip_conntrack. I guess the number you find > in the insert_failed column will match the number of dropped packets. Thanks for the hint! I checked it. Strange, that not the "insert_failed" but the number in the "dropped" column is incremented with 99. 1 packet (the first one) was forwarded successfully. Note, that with my test program I send packets from 100 different sources within a very short time (some milliseconds) to the same IP:port (where iptables is setup). Do I overload something with that? Thanks, Kornel Keseru ___________________________________________________________________________ Pénzügyi szolgáltatás és hiteligénylés interneten keresztül a nap 24 órájában az [origo]-n. http://www.klikkbank.hu
