Hello,

Pete Kay wrote:
> I have the following NAT rule set up:
>
> udp 17 12 src=192.168.1.102 dst=192.168.1.140 sport=7390 dport=8000 packets=6 bytes=3258 [UNREPLIED] src=192.168.1.140 dst=192.168.1.102 sport=10000 dport=9000 packets=0 bytes=0 mark=0 secmark=0 use=2

This is not a NAT rule but a conntrack entry.

> What I am expecting to achieve is that when udp packets go from
> 192.168.1.102:7390 to 192.168.1.140:8000, the conntrack module would
> redirect the packet to 192.168.1.102:9000, but it is not happening.
>
> Does anyone know what is wrong?

It is not happening because of the above conntrack entry that says otherwise and already exists for these packets, so iptables NAT rules are ignored. You must first delete the conntrack entry with conntrack-tools or by not transmitting related packets until it expires. Then the next packet will hit the iptables NAT rules and create a new conntrack entry accordingly.
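As an added example (not code from the netfilter project or from either poster), the script below parses an entry in the text format that `conntrack -L` prints (the same one quoted above, embedded as a constructed sample), reads the NAT translation the entry already records by comparing its original and reply tuples, and builds the `conntrack -D` command that deletes exactly that entry so the next packet reaches the nat table. The entry format and the conntrack-tools options (`-p`, `-s`, `-d`, `--sport`, `--dport`) are as documented for conntrack-tools; the helper and function names are the author's own.

```python
"""Parse a conntrack entry and derive the conntrack-tools command that deletes it.

Added example, not netfilter project code. Assumes the text format printed by
`conntrack -L` (and, with a leading "ipv4 2", by /proc/net/nf_conntrack)."""

import shlex

# Constructed sample: the entry quoted in the list post, as `conntrack -L` prints it.
SAMPLE_ENTRY = (
    "udp 17 12 src=192.168.1.102 dst=192.168.1.140 sport=7390 dport=8000 "
    "packets=6 bytes=3258 [UNREPLIED] src=192.168.1.140 dst=192.168.1.102 "
    "sport=10000 dport=9000 packets=0 bytes=0 mark=0 secmark=0 use=2"
)

TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_conntrack_entry(line):
    """Split one conntrack line into protocol, timeout, flags and its two tuples
    (original direction first, reply direction second)."""
    tokens = line.split()
    if tokens and tokens[0] in ("ipv4", "ipv6"):  # /proc/net/nf_conntrack prefix
        tokens = tokens[2:]
    proto, proto_num, timeout = tokens[0], int(tokens[1]), int(tokens[2])
    flags, tuples, extra = set(), [], {}
    current = None
    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):  # [UNREPLIED], [ASSURED]
            flags.add(tok[1:-1])
            continue
        key, sep, value = tok.partition("=")
        if not sep:  # e.g. a TCP state word such as ESTABLISHED
            continue
        if key == "src":  # each tuple starts with its src=
            current = {}
            tuples.append(current)
        if key in TUPLE_KEYS and current is not None:
            current[key] = value
        elif key in ("packets", "bytes") and current is not None:
            current[key] = int(value)
        else:
            extra[key] = value
    if len(tuples) != 2:
        raise ValueError("expected original and reply tuples, got %d" % len(tuples))
    return {
        "proto": proto, "proto_num": proto_num, "timeout": timeout,
        "flags": flags, "original": tuples[0], "reply": tuples[1], "extra": extra,
    }


def nat_mapping(entry):
    """The reply tuple is the inverse of the original tuple *after* NAT, so
    comparing the two shows which translation conntrack already applies."""
    orig, reply = entry["original"], entry["reply"]
    mapping = {}
    if (orig["src"], orig.get("sport")) != (reply["dst"], reply.get("dport")):
        mapping["snat"] = (reply["dst"], reply.get("dport"))
    if (orig["dst"], orig.get("dport")) != (reply["src"], reply.get("sport")):
        mapping["dnat"] = (reply["src"], reply.get("sport"))
    return mapping


def delete_command(entry):
    """argv for conntrack-tools that deletes this entry, matched on the
    original-direction tuple."""
    orig = entry["original"]
    argv = ["conntrack", "-D", "-p", entry["proto"], "-s", orig["src"], "-d", orig["dst"]]
    if "sport" in orig:
        argv += ["--sport", orig["sport"], "--dport", orig["dport"]]
    return argv


if __name__ == "__main__":
    entry = parse_conntrack_entry(SAMPLE_ENTRY)
    print("flags:", sorted(entry["flags"]), "expires in:", entry["timeout"], "s")
    print("translation already recorded:", nat_mapping(entry))
    print("delete with:", shlex.join(delete_command(entry)))
```

For the quoted entry the script reports that conntrack already maps the source port 7390 to 9000 and the destination port 8000 to 10000, which is the "says otherwise" in the reply above. Run the printed `conntrack -D` command as root, or simply send nothing for the remaining timeout (12 seconds here) so the entry expires; either way the next packet traverses the nat table and a fresh entry is created from whatever DNAT rule it matches.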