On 5/9/08, Grant Taylor wrote:
> This really makes me believe that you are dealing with what connection
> tracking thinks is an ongoing existing established flow / connection.
> Remember that the NAT table only sees the first packet of a connection.
> So if you are altering your NAT table after a connection is
> established it will not make any difference to the existing connection.
> This is further exemplified by you testing .3-.5 and seeing them start
> to change and then continue doing what they were when you flush your NAT
> table. I think you will find that if you stop your connections, wait a
> few minutes, and then start them back up they will behave as expected.

Yes, that sounds like a good explanation of this phenomenon.

However, this behavior is not what I want/expect from netfilter. I'm looking for a simple, straightforward, connectionless 1to1 IP NAT. And, of course, I'm looking for something that can be enabled/disabled without waiting minutes!

OK then, if that's the normal behavior of netfilter's NAT module, I'll have to find an alternative solution.

Thank you very much for your help.

Andrea
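The behaviour discussed in this message, as a small Python model added here (it is not code from the thread or from netfilter): NAT rules are consulted only for the first packet of a flow, and later packets reuse the mapping stored in the connection-tracking entry. The `Router` class, its method names, the documentation-range addresses and the 180-second idle timeout are all assumptions made for illustration.

```python
# Toy model of connection tracking + NAT (constructed example, not kernel code).
from dataclasses import dataclass, field


@dataclass
class Router:
    dnat_rules: dict = field(default_factory=dict)  # original dst -> translated dst
    conntrack: dict = field(default_factory=dict)   # (src, dst) -> (translated dst, last seen)
    timeout: int = 180                              # assumed idle timeout, in seconds

    def forward(self, src, dst, now):
        """Return the destination address the packet leaves with."""
        flow = (src, dst)
        entry = self.conntrack.get(flow)
        if entry is not None and now - entry[1] > self.timeout:
            del self.conntrack[flow]                # idle entry has expired
            entry = None
        if entry is None:
            # First packet of a flow: the only time the NAT rules are consulted.
            new_dst = self.dnat_rules.get(dst, dst)
        else:
            # Established flow: the stored mapping wins over the current rules.
            new_dst = entry[0]
        self.conntrack[flow] = (new_dst, now)
        return new_dst

    def flush_nat(self):
        """Model of flushing the NAT rules: tracked flows are left untouched."""
        self.dnat_rules.clear()

    def delete_flow(self, src, dst):
        """Model of removing one tracked flow by hand."""
        self.conntrack.pop((src, dst), None)


def demo():
    r = Router(dnat_rules={"192.0.2.3": "10.0.0.3"})
    out = [r.forward("198.51.100.7", "192.0.2.3", now=0)]        # new flow, rule applied
    r.flush_nat()
    out.append(r.forward("198.51.100.7", "192.0.2.3", now=10))   # same flow after flush
    out.append(r.forward("198.51.100.8", "192.0.2.3", now=10))   # new flow after flush
    out.append(r.forward("198.51.100.7", "192.0.2.3", now=400))  # same flow after idling
    return out


if __name__ == "__main__":
    print(demo())
```

In the model, the rule change reaches an existing flow only once its tracking entry is gone, either by idling past the timeout or by `delete_flow`.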