Yes, that was it! This was also the hint I needed to get some more complex rules set up, and now everything is working just the way I want. Merci!

On Fri, 02 Oct 2009 15:49:43 +0200, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote:
> Hello,
>
> Marcel Laverdet wrote:
>>
>> For some reason I can't seem to get the NOTRACK iptables rule to do
>> anything at all. Can anyone make sense of the following session which I
>> think describes the problem better than words could. The session below was
>> carried out on a reasonably busy server, and I didn't waste much time in
>> between each command.
> [...]
>> fantasma marcel # iptables -t raw -A PREROUTING -i lo -j NOTRACK
>
> I guess the raw/PREROUTING chain is too late for local traffic. Locally
> generated packets are processed by conntrack in the NF_IP_LOCAL_OUT hook
> unless the NOTRACK target was used in the raw/OUTPUT chain.
>
> Try this instead :
> iptables -t raw -A OUTPUT -o lo -j NOTRACK

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
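An added example, not from the thread: a small POSIX shell audit that reads an `iptables-save -t raw` dump and reports the exact mistake discussed above (a loopback NOTRACK rule only in raw/PREROUTING, which never sees locally generated packets). The two dumps at the bottom are constructed samples, not real captures; the function names are my own.

```shell
#!/bin/sh
# Audit the raw table for the loopback NOTRACK placement discussed in the thread.
# Locally generated packets meet conntrack in the LOCAL_OUT hook, so only a
# NOTRACK rule in raw/OUTPUT exempts them; raw/PREROUTING is too late for them.

# has_lo_notrack DUMP CHAIN: 0 if DUMP has a NOTRACK rule for lo in CHAIN.
# Newer iptables-save prints "-j NOTRACK" as "-j CT --notrack"; match both.
has_lo_notrack() {
    printf '%s\n' "$1" | grep -Eq "^-A $2 .*-[io] lo .*-j (NOTRACK|CT --notrack)"
}

# audit_lo_notrack DUMP: prints a verdict; returns 0 when raw/OUTPUT covers
# locally generated loopback traffic, 1 otherwise.
audit_lo_notrack() {
    dump="$1"
    if has_lo_notrack "$dump" OUTPUT; then
        echo "ok: raw/OUTPUT -o lo NOTRACK present; local traffic is not tracked"
        return 0
    fi
    if has_lo_notrack "$dump" PREROUTING; then
        echo "misconfigured: NOTRACK only in raw/PREROUTING; locally generated" \
             "packets are already tracked in LOCAL_OUT. Add:" \
             "iptables -t raw -A OUTPUT -o lo -j NOTRACK"
    else
        echo "missing: no loopback NOTRACK rule in the raw table"
    fi
    return 1
}

# Constructed sample dumps (not real captures) mirroring the thread:
# the rule from the original session, and the same table after Pascal's fix.
BROKEN_DUMP='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i lo -j NOTRACK
COMMIT'
FIXED_DUMP='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i lo -j NOTRACK
-A OUTPUT -o lo -j CT --notrack
COMMIT'

# Run "sh audit.sh --live" as root to audit the running raw table.
if [ "${1:-}" = "--live" ]; then
    audit_lo_notrack "$(iptables-save -t raw)"
fi
```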