That is probably the case.
How would someone remove an entry (based on IP and port)?
Also, I plan on having around 10k rules like this; currently the packets are
just dropped. Is there any better way (performance-wise) of doing this?
Thanks,
Sheepa
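The check suggested in the quoted reply below (reading /proc/net/nf_conntrack) and the per-IP/port removal asked about above, as an added Python example that is not part of this thread. It parses constructed sample lines in the /proc/net/nf_conntrack format, selects the flows matching the rule's source IP and destination port, separates stale entries (reply tuple still answering from port 777) from ones the REDIRECT already applies to (answering from 888), and builds the conntrack -D command for each stale entry. The addresses, ports and helper names are assumptions made for the example; the -D, -p, -s, -d, --sport and --dport options are those of conntrack-tools.

```python
import re
from dataclasses import dataclass

# Constructed sample of /proc/net/nf_conntrack output; not captured from a real
# host. The documentation address 192.0.2.10 stands in for the thread's
# "x.x.x.x", 198.51.100.5 for the Debian box. The first line is the kind of
# stale entry the thread describes: a UDP flow to port 777 tracked before the
# REDIRECT rule existed, so its reply tuple still answers from port 777. The
# third line is a flow that started after the rule and was redirected to 888.
SAMPLE_NF_CONNTRACK = """\
ipv4     2 udp      17 29 src=192.0.2.10 dst=198.51.100.5 sport=40000 dport=777 src=198.51.100.5 dst=192.0.2.10 sport=777 dport=40000 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 17 src=192.0.2.99 dst=198.51.100.5 sport=40001 dport=777 src=198.51.100.5 dst=192.0.2.99 sport=777 dport=40001 mark=0 zone=0 use=1
ipv4     2 udp      17 25 src=192.0.2.10 dst=198.51.100.5 sport=40002 dport=777 src=198.51.100.5 dst=192.0.2.10 sport=888 dport=40002 mark=0 zone=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51000 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=51000 [ASSURED] mark=0 zone=0 use=1
"""

_KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Entry:
    proto: str
    timeout: int  # seconds until the kernel expires the entry on its own
    orig_src: str
    orig_dst: str
    orig_sport: int
    orig_dport: int
    reply_src: str
    reply_dst: str
    reply_sport: int
    reply_dport: int


def parse_nf_conntrack(text):
    """Parse the one-entry-per-line /proc/net/nf_conntrack format.

    L3 family, L3 number, L4 name, L4 number and timeout are the first five
    whitespace-separated fields; the tuples follow as key=value tokens, with
    src/dst/sport/dport appearing once for the original direction and once
    for the reply direction. Entries without ports (e.g. ICMP) are skipped,
    since the question is about an IP/port pair.
    """
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        seen = {}
        for key, val in _KV.findall(line):
            seen.setdefault(key, []).append(val)
        try:
            entries.append(Entry(
                proto=fields[2], timeout=int(fields[4]),
                orig_src=seen["src"][0], orig_dst=seen["dst"][0],
                orig_sport=int(seen["sport"][0]), orig_dport=int(seen["dport"][0]),
                reply_src=seen["src"][1], reply_dst=seen["dst"][1],
                reply_sport=int(seen["sport"][1]), reply_dport=int(seen["dport"][1]),
            ))
        except (KeyError, IndexError, ValueError):
            continue
    return entries


def flows_to_port(entries, src_ip, dport, proto="udp"):
    """Entries whose original direction matches the rule's -s and --dport."""
    return [e for e in entries
            if e.proto == proto and e.orig_src == src_ip and e.orig_dport == dport]


def is_stale(entry, redirect_port):
    """A redirected flow answers from the target port, so the reply tuple's
    source port equals it. An entry created before the rule still answers
    from the original port and keeps bypassing the rule until it expires."""
    return entry.reply_sport != redirect_port


def delete_command(entry):
    """conntrack-tools invocation deleting exactly this entry by its
    original-direction tuple."""
    return ("conntrack -D -p %s -s %s -d %s --sport %d --dport %d"
            % (entry.proto, entry.orig_src, entry.orig_dst,
               entry.orig_sport, entry.orig_dport))


def stale_delete_commands(text, src_ip, dport, redirect_port, proto="udp"):
    """Parse, select the flows the rule should cover, keep the ones that
    predate it, and return one delete command per stale entry."""
    flows = flows_to_port(parse_nf_conntrack(text), src_ip, dport, proto)
    return [delete_command(e) for e in flows if is_stale(e, redirect_port)]


if __name__ == "__main__":
    for cmd in stale_delete_commands(SAMPLE_NF_CONNTRACK, "192.0.2.10", 777, 888):
        print(cmd)
```

On a real host, pass the contents of /proc/net/nf_conntrack instead of the sample and run the printed commands as root; deleting only the matching tuples avoids `conntrack -F`, which also drops every other tracked flow on the box. The `timeout` column shows how long the kernel would otherwise keep the stale entry, which is the delay the thread observes while packets keep refreshing it.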
----- Original Message -----
From: "François Legal" <devel@xxxxxxxxxxxxxx>
To: "Sheepa" <sheepa@xxxxxxxxxx>
Sent: Thursday, March 11, 2010 3:56 PM
Subject: Re: Update delay when using nat table?
I guess that is because there is already a conntrack entry for the packets
that you're sending to port 777. You can confirm this by checking
/proc/net/nf_conntrack
If my guess is correct, you have to remove the entry (or even flush the
entire table) from conntrack with the "conntrack" tool.
François
On Thu, 11 Mar 2010 01:42:23 +0100, "Sheepa" <sheepa@xxxxxxxxxx> wrote:
Hello, I'm trying to redirect a port based on source IP like this:
iptables -t nat -A PREROUTING -p udp --dport 777 -j REDIRECT --to-port 888 -s x.x.x.x
Notice that I will have services listening on both ports. Although this
works, it takes several minutes for it to take effect. And it doesn't seem
to take effect at all if I keep sending packets to port 777 here in the
example. How can I make it take effect instantly? Or is there any other way
of doing this (redirecting a port locally) on a Debian squeeze machine?
Thanks,
Sheepa
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html