On Wednesday 2012-06-20 17:05, sreejith menon wrote:

> I have enabled IP masquerading on an outgoing interface using the below
> command
>
>     iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE.
>
> But it doesn't seem to take effect if the traffic was ongoing. As soon
> as I stop and start traffic the rule is effective. Is it implemented
> this way or do I need to apply the xtables add-on patch to fix this issue?
> Currently I am doing a conntrack -F to avoid this issue. But I would
> like to have a permanent fix. Any ideas?

It's not a bug. The connection tracking table is independent from the ruleset by design.

There is not much point in (automatically) changing the NAT tuples while a TCP connection is open anyway - since it would rupture the connection (and that's what can happen if you force it with conntrack -F.)
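An added example, not part of the original thread: a small Python parser over conntrack entries that flags established flows from the internal network whose reply tuple still points at the internal host, i.e. entries created before the MASQUERADE rule was added and therefore not NATed. The sample lines (in `/proc/net/nf_conntrack` layout) and the 192.168.1.0/24 internal prefix are constructed.

```python
"""Spot established flows that predate a MASQUERADE rule.

Illustration only (not from the original thread). Each conntrack entry
carries the original tuple and the reply tuple. For a masqueraded flow
the reply tuple's dst is the outgoing interface address; for a flow
that was tracked before the rule existed, the reply dst still equals
the original src, and it stays that way until the entry times out or
the table is flushed.
"""
import re

# Constructed sample entries in /proc/net/nf_conntrack layout.
SAMPLE = """\
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.7 sport=50001 dport=443 src=203.0.113.7 dst=192.168.1.10 sport=443 dport=50001 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.1.11 dst=203.0.113.7 sport=50002 dport=443 src=203.0.113.7 dst=198.51.100.2 sport=443 dport=50002 [ASSURED] mark=0 use=2
ipv4 2 udp 17 29 src=192.168.1.12 dst=203.0.113.53 sport=40000 dport=53 src=203.0.113.53 dst=192.168.1.12 sport=53 dport=40000 mark=0 use=1
"""

# One (src, dst, sport, dport) tuple; each TCP/UDP entry has two of them.
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_entry(line):
    """Return (proto, original_tuple, reply_tuple), or None for
    entries without two port-carrying tuples (e.g. ICMP)."""
    tuples = TUPLE_RE.findall(line)
    if len(tuples) != 2:
        return None
    proto = re.search(r"\b(tcp|udp|sctp|dccp)\b", line)
    return (proto.group(1) if proto else "?", tuples[0], tuples[1])


def is_snatted(orig, reply):
    """SNAT/MASQUERADE rewrote the source if the reply tuple's
    dst address or port differs from the original src."""
    return reply[1] != orig[0] or reply[3] != orig[2]


def unnatted_flows(text, internal_prefix="192.168.1."):
    """Entries from the internal net whose reply still targets the
    internal host directly, i.e. flows the MASQUERADE rule missed."""
    found = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        proto, orig, reply = entry
        if orig[0].startswith(internal_prefix) and not is_snatted(orig, reply):
            found.append((proto, orig[0], orig[2], orig[1], orig[3]))
    return found
```

Feed it the real table (`cat /proc/net/nf_conntrack` or `conntrack -L`) to see which pre-existing flows will keep bypassing the new rule until they end.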