> It's not a bug. The connection tracking table is independent from the
> ruleset by design. There is not much point in (automatically) changing
> the NAT tuples while a TCP connection is open anyway - since it would
> rupture the connection (and that's what can happen if you force it with
> conntrack -F.)

Thanks for the information.

So even if I install the xtables add-on, the behavior will be the same? I.e., if I was sending some ICMP packets through output interface eth0, I need to stop and start the traffic again after applying NAT. I was thinking of installing the x-tables add-on to solve this.

regards
sreejith