On Thu, 20 Nov 2008 10:24:55 -0800 Mike <mikef1007@xxxxxxxxx> wrote:

> That's good and all, but when I iptables -F, shouldn't I stop seeing
> traffic on my redirect port? Am I missing something else?

Not necessarily. The "nat" table only applies to packets that conntrack believes are NEW, i.e. TCP SYN packets, or UDP/ICMP for which it doesn't yet have an entry. As soon as the TCP session is established, nat isn't used any more and conntrack takes over.

If you keep one existing TCP connection open, that will continue to have the nat rules applied that were in place when it was established, regardless of the current ruleset in iptables.

-- 
Paul Evans <paul@xxxxxxxxxxxxx>
Tel: +44 (0) 845 666 7778
Fax: +44 (0) 870 163 4694
http://www.mxtelecom.com
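The behaviour described in the reply above can be checked directly in the conntrack table: the entries that still carry a NAT mapping are the ones whose reply tuple is not simply the mirror of the original tuple. The script below is an added example, not part of the original thread; it parses lines in the format printed by `conntrack -L` (from conntrack-tools) and lists the flows that are still being translated. The sample entries are constructed (documentation addresses, one REDIRECT to local port 8080 alongside two untranslated flows); on a live box you would pipe real `conntrack -L` output into `natted_flows`. Note that a plain `iptables -F` flushes only the filter table; the nat table is flushed with `iptables -t nat -F`, and existing mappings only disappear when their conntrack entries do (timeout, connection close, or `conntrack -F`).

```shell
#!/bin/sh
# Added example (not from the original mailing-list thread).
# Constructed conntrack -L style entries: one REDIRECTed TCP flow (reply
# tuple comes back from 192.0.2.1:8080 instead of 203.0.113.5:80), one
# untranslated TCP flow, and one untranslated UDP flow.
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=203.0.113.5 sport=52344 dport=80 src=192.0.2.1 dst=192.0.2.10 sport=8080 dport=52344 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=203.0.113.5 sport=52345 dport=443 src=203.0.113.5 dst=192.0.2.10 sport=443 dport=52345 [ASSURED] mark=0 use=1
udp      17 29 src=192.0.2.10 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=40000 mark=0 use=1'

# natted_flows: read conntrack -L output on stdin and print one line per
# flow whose reply tuple differs from the mirror of the original tuple,
# i.e. a flow conntrack is still applying a NAT mapping to.
# Usage on a live system:  conntrack -L 2>/dev/null | natted_flows
natted_flows() {
    awk '
    {
        # conntrack prints the original tuple first, then the reply tuple,
        # so the 1st src/dst/sport/dport belong to the original direction
        # and the 2nd set to the reply direction.
        n_src = n_dst = n_sport = n_dport = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src") { src[++n_src] = kv[2] } else if (kv[1] == "dst") { dst[++n_dst] = kv[2] } else if (kv[1] == "sport") { sport[++n_sport] = kv[2] } else if (kv[1] == "dport") { dport[++n_dport] = kv[2] }
        }
        # Skip lines that do not carry both tuples.
        if (n_src < 2 || n_dst < 2 || n_sport < 2 || n_dport < 2) next
        # Without NAT the reply src:sport is the original dst:dport and the
        # reply dst:dport is the original src:sport. Anything else is a
        # translation that survives a ruleset flush.
        if (src[2] != dst[1] || sport[2] != dport[1] || dst[2] != src[1] || dport[2] != sport[1])
            printf "%s %s:%s->%s:%s translated to %s:%s->%s:%s\n", $1, src[1], sport[1], dst[1], dport[1], src[2], sport[2], dst[2], dport[2]
    }'
}

# count_natted: number of translated flows in the constructed sample.
count_natted() {
    printf '%s\n' "$SAMPLE_CONNTRACK" | natted_flows | wc -l | tr -d ' '
}
```

Only the first sample entry is reported, because its reply comes from 192.0.2.1:8080 rather than from the original destination 203.0.113.5:80; the other two entries are plain mirrored tuples. If a flow keeps showing up here after the nat rules are gone, that is the conntrack entry the reply is talking about, and it will keep being redirected until it expires or the table is flushed.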