On Thu, Mar 11, 2010 at 6:12 AM, Sheepa <sheepa@xxxxxxxxxx> wrote:
> Hello, I'm trying to redirect a port based on source IP like this:
> iptables -t nat -A PREROUTING -p udp --dport 777 -j REDIRECT --to-port 888 -s x.x.x.x
>
> Notice that I will have services listening on both ports. Although this
> works, it takes several minutes for it to take effect. And it doesn't seem to
> take effect at all if I keep sending packages to port 777 here in the
> example. How can I make it take effect instantly? Or is there any other way
> of doing this (redirecting a port locally) on a Debian squeeze machine?
>
> Thanks,
> Sheepa
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

I had a similar problem. I was SYN-flooding one interface, and there is an
iptables rule to reject all SYN floods. But while flooding, even though I
opened the port (in my case), packets are not flowing... they are still
getting dropped. I thought it could be a problem due to resource constraints
in my box (small RAM, little processor speed).

Even if packets are dropped, will there be a conntrack entry for those packets?