> The "nat" table only applies to packets that conntrack believes are
> NEW. I.e. TCP SYN packets, or UDP/ICMP for which it doesn't yet have an
> entry. As soon as the TCP session is established, nat isn't used any
> more and conntrack takes over.
>
> If you keep one existing TCP connection open, that will continue to
> have the nat rules applied that were in place when it was established,
> regardless of the current ruleset in iptables.

Forgot to include in previous email, I did disconnect, then re-initiated a
connection. Traffic still appeared on my redirect-to port. I even sent a
'tcp packet', which showed up in my redirect-to port.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
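As an added check (example code, not from this thread): the quoted explanation predicts that flows opened while a REDIRECT rule was in place keep that port mapping in conntrack after the rule is gone. This parses the /proc/net/nf_conntrack text format and lists flows whose mapping is not produced by the nat rules currently loaded. The sample entries and the `current_redirects` dictionary (dport to redirect-to port, taken from the live ruleset) are constructed for the example.

```python
"""List conntrack flows whose port NAT no longer matches the nat ruleset.

Added example; parses the /proc/net/nf_conntrack format (not `conntrack -L`,
which omits the leading "ipv4 2" columns). All sample data is constructed.
"""
import re
from dataclasses import dataclass

# Constructed /proc/net/nf_conntrack excerpt: the first flow was accepted
# while "REDIRECT --to-ports 8080" was active, the other two are not NATed.
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.2 dst=10.0.0.1 sport=54321 dport=80 src=10.0.0.1 dst=10.0.0.2 sport=8080 dport=54321 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.3 dst=10.0.0.1 sport=40000 dport=22 src=10.0.0.1 dst=10.0.0.3 sport=22 dport=40000 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=10.0.0.4 dst=10.0.0.1 sport=5000 dport=53 src=10.0.0.1 dst=10.0.0.4 sport=53 dport=5000 mark=0 zone=0 use=2
"""

# Each entry carries two tuples: original direction, then reply direction.
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


@dataclass
class Flow:
    proto: str
    state: str
    orig: tuple   # (src, dst, sport, dport) as the client sent it
    reply: tuple  # (src, dst, sport, dport) of the reply direction

    def redirected_to(self):
        """Port the kernel really delivers to, or None if not port-NATed."""
        return self.reply[2] if self.reply[2] != self.orig[3] else None


def parse_conntrack(text):
    flows = []
    for line in text.splitlines():
        fields = line.split()
        tuples = TUPLE.findall(line)
        if len(fields) < 6 or len(tuples) != 2:
            continue
        proto = fields[2]
        # Only TCP entries carry a state column (ESTABLISHED, SYN_SENT, ...).
        state = fields[5] if proto == "tcp" else "-"
        orig, reply = ((t[0], t[1], int(t[2]), int(t[3])) for t in tuples)
        flows.append(Flow(proto, state, orig, reply))
    return flows


def stale_redirects(flows, current_redirects):
    """NATed flows whose mapping no nat rule in current_redirects would create."""
    return [f for f in flows if f.redirected_to() is not None
            and current_redirects.get(f.orig[3]) != f.redirected_to()]


if __name__ == "__main__":
    for f in stale_redirects(parse_conntrack(SAMPLE), {}):
        print(f"{f.proto} {f.orig[0]}:{f.orig[2]} -> dport {f.orig[3]} "
              f"still redirected to {f.redirected_to()} ({f.state})")
```

Such entries disappear when the flow expires or is deleted with `conntrack -D`/`conntrack -F`; only a connection established after that is matched against the new nat rules.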