Re: packet filter rules updating

Hello,

moniacheli@xxxxxxxxxx wrote:
I have configured iptables for modifying the IP source
of syslog packets outgoing from one of my router interfaces.
[...]
If I delete the previous rules, I have no effect on syslog traffic, and also if I give a new iptables command with a different IP source, syslog packets maintain the previous IP source (2.2.2.2) while no rule is configured with this IP.

The reason for this apparently (but only apparently) unexpected behaviour is explained in chapter 5 of the NAT-HOWTO http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-5.html :

"At each of the points above, when a packet passes we look up what connection it is associated with. If it's a new connection, we look up the corresponding chain in the NAT table to see what to do with it. The answer it gives will apply to all future packets on that connection."

So, once a NAT operation has been associated with a connection, and as long as the connection exists (or, at least, as long as Netfilter connection tracking keeps track of that connection), the same NAT operation applies to every packet belonging to that connection. This is independent of any subsequent iptables rule modification.

Are there any iptables options that I have to give to force the rules to update?

No, iptables cannot help you on this. All you can do is close the affected connection to delete the entry in the conntrack table and the NAT operation associated with it. When a new connection is established, the new NAT rule will apply to it.
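The procedure the reply describes, as an added example that is not part of the original thread: swap the SNAT source for outgoing syslog, count the conntrack entries still pinned to the old address, and delete them so the next packet is evaluated as a NEW connection. It assumes root, iptables and conntrack-tools on the router; the interface name, chain name and addresses are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not from the thread: replace the SNAT source used for outgoing
# syslog and clear the conntrack entries that still carry the old mapping.
# Assumes root, iptables and conntrack-tools; interface, chain name and
# addresses are placeholders chosen for this example.
set -eu

OUT_IF="${OUT_IF:-eth0}"   # outgoing router interface (assumption)
SYSLOG_PORT=514            # syslog over UDP (assumption)

# Install (or replace) the SNAT rule in a dedicated chain so that flushing the
# chain swaps the address without touching the rest of POSTROUTING.
set_syslog_snat() {
    iptables -t nat -N SYSLOG_SNAT 2>/dev/null || true
    iptables -t nat -C POSTROUTING -o "$OUT_IF" -p udp --dport "$SYSLOG_PORT" -j SYSLOG_SNAT 2>/dev/null ||
        iptables -t nat -A POSTROUTING -o "$OUT_IF" -p udp --dport "$SYSLOG_PORT" -j SYSLOG_SNAT
    iptables -t nat -F SYSLOG_SNAT
    iptables -t nat -A SYSLOG_SNAT -j SNAT --to-source "$1"
}

# Count entries in `conntrack -L` output (read from stdin) whose reply tuple
# points at ADDR: those flows stay pinned to that SNAT source no matter what
# the nat table says now.
flows_bound_to() {
    grep -cF "dst=$1 sport=$SYSLOG_PORT " || true
}

# UDP has no close handshake, so the only way to make the next syslog packet
# count as a NEW connection (and be re-evaluated against the current nat
# rules) is to delete the tracked flows or wait for the UDP timeout.
flush_syslog_flows() {
    conntrack -D -p udp --dport "$SYSLOG_PORT" >/dev/null 2>&1 || true
}

# Constructed sample of conntrack -L output: one flow still mapped to the old
# source 2.2.2.2, one already using 3.3.3.3.
SAMPLE_FLOWS='udp      17 25 src=10.0.0.5 dst=192.0.2.10 sport=40001 dport=514 [UNREPLIED] src=192.0.2.10 dst=2.2.2.2 sport=514 dport=40001 mark=0 use=1
udp      17 12 src=10.0.0.5 dst=192.0.2.10 sport=40002 dport=514 [UNREPLIED] src=192.0.2.10 dst=3.3.3.3 sport=514 dport=40002 mark=0 use=1'

# Usage (as root): sh snat-syslog.sh apply NEW_SRC OLD_SRC
if [ "${1:-}" = apply ]; then
    set_syslog_snat "$2"
    echo "flows still bound to $3 before flush: $(conntrack -L -p udp --dport "$SYSLOG_PORT" 2>/dev/null | flows_bound_to "$3")"
    flush_syslog_flows
    echo "flows still bound to $3 after flush:  $(conntrack -L -p udp --dport "$SYSLOG_PORT" 2>/dev/null | flows_bound_to "$3")"
fi
```

Running `printf '%s\n' "$SAMPLE_FLOWS" | flows_bound_to 2.2.2.2` on the constructed sample reports one flow still bound to the old address, which is exactly the entry that keeps the old source in use after the rule change.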
