From: Jim Redman <jim@ergotech.com>
To: Ramin Dousti <ramin@cannon.eng.us.uu.net>
Cc: netfilter@lists.netfilter.org
Subject: Re: UDP Redirects
Date: Tue, 16 Sep 2003 08:52:05 -0600
Message-ID: <20030916145205.GU1272@charizard.ergotech-usa.com>
In-Reply-To: <20030916142432.GD16559@cannon.eng.us.uu.net>; from ramin@cannon.eng.us.uu.net on Tue, Sep 16, 2003 at 08:24:32 -0600
Ramin,

On 2003.09.16 08:24, Ramin Dousti wrote:
> Do the packets belong to one UDP session? If not, this number of
> packets might overflow your connection-tracking table.

The packets are all individual entities. Any solution if this is the
problem? Any way to test? (There are no indications in the syslog
that I've noticed).

Jim
>
> Ramin
>
> On Mon, Sep 15, 2003 at 07:05:50PM -0600, Jim Redman wrote:
>
> > [apologies if this is a duplicate - the list manager has ack'd my
> > request but still bounced the first copy]
> >
> > I have a system that is sending UDP packets to port 995 at about 100
> > packets/second. I want to redirect these to 1995 so that I can listen
> > on an unprivileged port. So I:
> >
> > iptables -t nat -A PREROUTING -p udp --dport 995 \
> > -j REDIRECT --to-port 1995
> >
> > This seems to work some of the time, but most of the time not. It
> > seems to work better when the connection is across a VPN which limits
> > the packets to about 5-10/second. So I assume that I've hit some
> > limit, however this (and a number of variants) don't seem to help:
> >
> > iptables -t nat -I PREROUTING -m limit --limit 1000/s \
> > --limit-burst 1000 -j ACCEPT
> >
> > Am I missing something obvious? Any suggestions?
> >
> > Thanks,
> >
> > Jim
> >
> > --
> >
> > Jim Redman
> > (505) 662 5156 x85
> > http://www.ergotech.com
>
--
Jim Redman
(505) 662 5156 x85
http://www.ergotech.com
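
One way to test the connection-tracking-table hypothesis raised in this thread, as an added example that is not part of either poster's message: compare the table's entry count with its maximum, look for the kernel's "table full" drop message, and count tracked UDP flows to the redirected port. The function names and all sample data are constructed for illustration; the /proc paths in the comments are the standard Linux locations and are not taken from the thread.

```shell
#!/bin/sh
# Added example. Live inputs would be:
#   /proc/sys/net/netfilter/nf_conntrack_count and nf_conntrack_max
#   (2.4-era kernels: /proc/sys/net/ipv4/ip_conntrack_max),
#   /proc/net/nf_conntrack (or /proc/net/ip_conntrack), and dmesg output.

# Percent of the conntrack table in use; $1 = count file, $2 = max file.
conntrack_pct() {
    echo $(( $(cat "$1") * 100 / $(cat "$2") ))
}

# Count kernel "table full" drop messages in log file $1 (prints 0 if none).
table_full_drops() {
    grep -c 'conntrack: table full, dropping packet' "$1" || true
}

# Count tracked UDP entries whose original destination port is $2 in
# conntrack listing $1. The first dport= on a line is the original tuple;
# the second belongs to the reply tuple and is skipped.
udp_flows_to_port() {
    awk -v want="dport=$2" '
        $1 == "udp" || $3 == "udp" {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dport=/) { if ($i == want) n++; break }
        }
        END { print n + 0 }' "$1"
}

# Constructed sample data (not from the thread).
demo=$(mktemp -d)
echo 65000 > "$demo/count"
echo 65536 > "$demo/max"
cat > "$demo/kern.log" <<'EOF'
Sep 16 08:40:01 gw kernel: ip_conntrack: table full, dropping packet.
Sep 16 08:40:02 gw kernel: ip_conntrack: table full, dropping packet.
EOF
cat > "$demo/conntrack" <<'EOF'
udp      17 28 src=192.0.2.10 dst=192.0.2.1 sport=40001 dport=995 [UNREPLIED] src=192.0.2.1 dst=192.0.2.10 sport=1995 dport=40001 use=1
udp      17 29 src=192.0.2.10 dst=192.0.2.1 sport=40002 dport=995 [UNREPLIED] src=192.0.2.1 dst=192.0.2.10 sport=1995 dport=40002 use=1
udp      17 12 src=192.0.2.1 dst=192.0.2.53 sport=995 dport=53 src=192.0.2.53 dst=192.0.2.1 sport=53 dport=995 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.20 dst=192.0.2.1 sport=51000 dport=22 src=192.0.2.1 dst=192.0.2.20 sport=22 dport=51000 [ASSURED] use=1
EOF
echo "table usage: $(conntrack_pct "$demo/count" "$demo/max")%"
echo "table-full drops logged: $(table_full_drops "$demo/kern.log")"
echo "UDP flows to port 995: $(udp_flows_to_port "$demo/conntrack" 995)"
rm -rf "$demo"
```

A usage figure near 100% together with logged "table full" messages points at conntrack exhaustion; a low figure with no such messages suggests the drops have another cause.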