On Tue, 14 Feb 2012, Enrique Huerta de la Fuente wrote:

> The problem is that the MASQUERADE rule does not work with UDP(1195).
>
> Any idea?

One thing to check out, took me a whole day to figure out with openvpn
udp traffic to port 1194 not being masqueraded in some "random" cases:

Does the connection to your port 1195 exist before the firewall rulesets
are loaded first after boot? - one packet before the rule setup may be enough.

Once a connection with the same sip+sport+dip+dport has been added to the
conntrack list their masquerading/SNAT/DNAT state is not changed again -
and with the "virtual" udp connection they can stay alive quite a while.

Perhaps try just flushing the whole connection-tracking table and see if
it starts working afterwards:

    conntrack -F conntrack ; conntrack -F expect

c'ya
sven-haegar

-- 
Three may keep a secret, if two of them are dead.
- Ben F.
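
Added example, not part of the original message: a way to confirm the stale-entry condition described above before flushing the whole table. It parses `conntrack -L -p udp` output and lists flows to the given port whose reply tuple still points at the original source, meaning no SNAT/MASQUERADE mapping was recorded for them. The sample lines, addresses and function names are constructed for illustration; a flow that is legitimately not covered by the MASQUERADE rule looks the same, so treat the output as candidates.

```shell
#!/bin/sh
# Constructed sample of `conntrack -L -p udp` output (documentation addresses).
sample_conntrack() {
cat <<'EOF'
udp      17 175 src=10.8.0.2 dst=203.0.113.10 sport=40000 dport=1195 src=203.0.113.10 dst=10.8.0.2 sport=1195 dport=40000 [ASSURED] mark=0 use=1
udp      17 170 src=10.8.0.3 dst=203.0.113.10 sport=40001 dport=1195 src=203.0.113.10 dst=198.51.100.5 sport=1195 dport=40001 [ASSURED] mark=0 use=1
udp      17 20 src=10.8.0.4 dst=203.0.113.10 sport=40002 dport=1195 [UNREPLIED] src=203.0.113.10 dst=10.8.0.4 sport=1195 dport=40002 mark=0 use=1
udp      17 29 src=10.8.0.2 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=10.8.0.2 sport=53 dport=5353 mark=0 use=1
EOF
}

# Read conntrack -L lines on stdin; print "src sport dst dport" (original
# direction) for each UDP flow to port $1 that carries no source NAT, i.e.
# the reply tuple's dst/dport equal the original tuple's src/sport.
stale_unnatted() {
    awk -v port="$1" '
    $1 == "udp" {
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)   { n++; src[n] = substr($i, 5) }
            if ($i ~ /^dst=/)   { dst[n]   = substr($i, 5) }
            if ($i ~ /^sport=/) { sport[n] = substr($i, 7) }
            if ($i ~ /^dport=/) { dport[n] = substr($i, 7) }
        }
        if (n == 2 && dport[1] == port &&
            dst[2] == src[1] && dport[2] == sport[1])
            print src[1], sport[1], dst[1], dport[1]
    }'
}

# Print (do not run) one targeted delete per candidate flow, as a narrower
# alternative to flushing the whole table.
delete_cmds() {
    stale_unnatted "$1" | while read -r s sp d dp; do
        echo "conntrack -D -p udp --orig-src $s --orig-dst $d --sport $sp --dport $dp"
    done
}

# Against the constructed sample; on a live host use:
#   conntrack -L -p udp 2>/dev/null | delete_cmds 1195
sample_conntrack | delete_cmds 1195
```

Once an entry is deleted, the next packet of that flow creates a fresh conntrack entry and traverses the nat table again, so the MASQUERADE rule gets its chance to match.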