I have a situation where a continuous ping, expected to create a new connection each time, turns into a single connection in ESTABLISHED state.

Here are the details:

- iptables runs on a bridge
- The bridge connects eth1 and eth2
- The iptables rules (minimized for the sake of this post):

    -A FORWARD -p icmp -m physdev --physdev-in eth1 --physdev-is-bridged -j ACCEPT
    -A FORWARD -p icmp -m state --state ESTABLISHED -j ACCEPT
    -A FORWARD -p icmp -m state --state NEW -j ACCEPT
    -A FORWARD -j ACCEPT

- A machine located on the eth2 network constantly sends a ping to a machine located in the eth1 network
- "iptables -L -v" shows the counters growing on rules #1 and #3. This is expected.
- However, at some point, the counters start increasing on rule #2, and stop increasing on rule #3. This can happen after 200 pings, 400, or even 3000 in one overnight test.

Any idea what's going on?