On 18 Feb 2011 at 13:50, Italo Valcy <italo@xxxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi guys,
On 17-02-2011 20:41, Pascal Hambourg wrote:
Also, bear in mind that the nat table is only consulted for
packets with state NEW. If your UDP flow state transitions to
ESTABLISHED before your NAT rule is created, the new rule will
not be applied to that flow.
Actually it is even stricter: the nat rules are consulted only for the
first packet of a new flow ("connection"). The next packets skip the nat
rules even when the flow does not transition to ESTABLISHED (when there
is no packet in the reply direction).
Yes, you are correct, but I didn't understand this behaviour. I managed
to get the netflow traffic working again by stopping the netflow device,
waiting about one minute and starting it again. Almost sure it's the exact
explanation above. But why this behaviour???
I think this problem starts happening when I restart the iptables rules
while the traffic keeps going. Maybe at that moment the packets do not
pass through the NAT table anymore. How can I fix it? Do you have any ideas,
guys? I'm using the rules generated by fwbuilder to start/restart the
firewall.
You flush the conntrack table.
# conntrack -F
Atle.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
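The behaviour Pascal describes and the two remedies in the thread (flushing conntrack, or stopping the exporter until its entry times out), replayed in a small model. This is an added illustration written for this page; it is not kernel, iptables or fwbuilder code. It assumes a DNAT rule on UDP/2055 (a common NetFlow port), made-up addresses, and a 30 s idle timeout for unreplied UDP entries (the nf_conntrack_udp_timeout default of that era, taken here as an assumption); it also assumes the firewall restart emptied the conntrack table while the exporter kept sending, which is one way the first datagram can hit an empty nat table.

```python
"""Toy model of netfilter consulting the nat table only for the first
packet of a flow. Added example for this thread; not kernel code."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]


@dataclass(frozen=True)
class Flow:
    """Original-direction tuple that identifies a conntrack entry."""
    proto: str
    src: Addr
    dst: Addr


@dataclass
class ConntrackEntry:
    nat_dst: Optional[Addr]   # DNAT target bound when the flow was NEW, else None
    last_seen: float


class Netfilter:
    # Assumption: 30 s, the unreplied-UDP conntrack default of the period.
    def __init__(self, udp_timeout: float = 30.0) -> None:
        self.nat_rules: List[Tuple[int, Addr]] = []   # (match dport, DNAT target)
        self.conntrack: Dict[Flow, ConntrackEntry] = {}
        self.udp_timeout = udp_timeout

    # --- what the firewall script / the admin does ---
    def add_dnat_rule(self, dport: int, to: Addr) -> None:
        self.nat_rules.append((dport, to))

    def flush_rules(self) -> None:
        """iptables -t nat -F: rules go away, existing conntrack entries stay."""
        self.nat_rules.clear()

    def conntrack_flush(self) -> None:
        """conntrack -F: every flow becomes NEW again on its next packet."""
        self.conntrack.clear()

    # --- packet path ---
    def _expire(self, now: float) -> None:
        dead = [f for f, e in self.conntrack.items()
                if now - e.last_seen > self.udp_timeout]
        for f in dead:
            del self.conntrack[f]

    def deliver(self, flow: Flow, now: float) -> Addr:
        """Return the destination the datagram is actually forwarded to."""
        self._expire(now)
        entry = self.conntrack.get(flow)
        if entry is None:
            # First packet of a flow: the only time the nat table is consulted.
            target = next((to for dport, to in self.nat_rules
                           if dport == flow.dst[1]), None)
            entry = ConntrackEntry(nat_dst=target, last_seen=now)
            self.conntrack[flow] = entry
        else:
            # Later packets reuse the stored binding; the nat rules are
            # skipped even though no reply ever made the flow ESTABLISHED.
            entry.last_seen = now
        return entry.nat_dst if entry.nat_dst is not None else flow.dst


def run_scenario() -> Dict[str, Addr]:
    """Replay the failure and both remedies. All addresses are constructed."""
    collector = ("10.0.0.5", 2055)      # NetFlow collector reached via DNAT
    exporter = Flow("udp", ("192.0.2.10", 40000), ("198.51.100.1", 2055))
    out: Dict[str, Addr] = {}

    nf = Netfilter()
    nf.add_dnat_rule(2055, collector)
    out["steady_state"] = nf.deliver(exporter, now=0.0)        # DNAT applied

    # Restart window. Assumption: conntrack is empty after the restart and
    # the nat rule is not back yet when the exporter's next datagram arrives.
    nf = Netfilter()
    out["during_restart"] = nf.deliver(exporter, now=1.0)      # bound with no NAT
    nf.add_dnat_rule(2055, collector)
    out["after_reload"] = nf.deliver(exporter, now=2.0)        # rule never re-consulted

    # Remedy 1 (Atle): conntrack -F, so the next datagram is NEW again.
    nf.conntrack_flush()
    out["after_conntrack_flush"] = nf.deliver(exporter, now=3.0)

    # Remedy 2 (Italo): stop the exporter until the unreplied UDP entry
    # expires, then start it again.
    nf2 = Netfilter()
    nf2.deliver(exporter, now=0.0)       # entry created before the rule exists
    nf2.add_dnat_rule(2055, collector)
    out["keep_sending"] = nf2.deliver(exporter, now=20.0)      # refreshed, still stuck
    out["after_idle_timeout"] = nf2.deliver(exporter, now=60.0)  # expired, re-evaluated
    return out


if __name__ == "__main__":
    for step, dst in run_scenario().items():
        print(f"{step:>22}: {dst[0]}:{dst[1]}")
```

The two remedies are equivalent from netfilter's point of view: both make the next datagram the first packet of a flow conntrack has never seen, which is the only moment the nat table is consulted. `conntrack -F` does it immediately for every flow; on a busy box a targeted delete such as `conntrack -D -p udp --dport 2055` limits the disruption to the flows that are actually stuck.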