Hello, Kamal Kumar wrote:

> I have an issue regarding nat in netfilter. When I configure the following rule
> "iptables -t nat -A POSTROUTING -s 0.0.0.0/0 -d 0.0.0.0/0 -i eth0 -o eth1 -j SNAT --to A.B.C.D"

This command will fail with an error. The -i option is invalid in the POSTROUTING chain.

> and run some IP traffic from eth0 to eth1, I found packets from eth1 with translated source IP A.B.C.D. It's fine, but when I flush the nat entries with traffic running from eth0 to eth1, I found packets on eth1 with translated source IP A.B.C.D. Is this a problem? If it is,

It is the expected default behaviour. The traffic creates new entries in the conntrack table.

> then how to overcome it (when I flush the entries I should not see packets from eth1 with translated source IP).

What exact behaviour do you want? No translation or no packets? For what kind of traffic (TCP, UDP...)? May I ask what is your goal by doing this?
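To illustrate the point made in the reply, here is an added toy model written for this page (it is not netfilter code and not part of the thread): the SNAT verdict is taken once per connection, on its first packet, and stored in the conntrack entry; flushing the nat rules leaves existing entries untouched, so established flows keep being translated until the conntrack entries themselves are gone. Interface names, the A.B.C.D address and the 10.0.0.x / 192.0.2.x flows are constructed sample values.

```python
# Toy model of netfilter SNAT plus connection tracking (added illustration,
# not netfilter code). It ignores timeouts, ports and reply direction.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str   # "ip:port" of the original sender
    dst: str


@dataclass
class Firewall:
    nat_rules: dict = field(default_factory=dict)   # out_if -> SNAT address (nat POSTROUTING)
    conntrack: dict = field(default_factory=dict)   # Flow -> stored SNAT address, or None

    def add_snat(self, out_if: str, to: str) -> None:
        self.nat_rules[out_if] = to

    def flush_nat(self) -> None:          # like "iptables -t nat -F": rules go, entries stay
        self.nat_rules.clear()

    def flush_conntrack(self) -> None:    # clearing the conntrack table itself
        self.conntrack.clear()

    def send(self, flow: Flow, out_if: str) -> str:
        """Source address observed on out_if for one packet of `flow`."""
        if flow not in self.conntrack:
            # conntrack state NEW: the nat table is consulted exactly once,
            # and the verdict (translate to X, or do nothing) is stored in the entry.
            self.conntrack[flow] = self.nat_rules.get(out_if)
        # conntrack state ESTABLISHED: the nat table is NOT consulted again.
        mapped = self.conntrack[flow]
        return mapped if mapped is not None else flow.src


def demo() -> tuple:
    fw = Firewall()
    fw.add_snat("eth1", "A.B.C.D")
    f = Flow("tcp", "10.0.0.5:4000", "192.0.2.10:80")   # constructed sample flow
    first = fw.send(f, "eth1")            # first packet: translated
    fw.flush_nat()
    after_flush = fw.send(f, "eth1")      # nat rules gone, entry remains: still translated
    g = Flow("tcp", "10.0.0.6:4001", "192.0.2.10:80")   # new connection after the flush
    new_flow = fw.send(g, "eth1")         # no rule matched at NEW: untranslated
    fw.flush_conntrack()
    after_ct_flush = fw.send(f, "eth1")   # entry gone, re-evaluated against empty table
    return first, after_flush, new_flow, after_ct_flush
```

Running `demo()` shows the asymmetry the original poster observed: the existing flow keeps its A.B.C.D source after the nat flush, while only new connections and flows whose conntrack entries have been cleared stop being translated.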