From: Cliff Stanford <cliff@may.be>
To: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Cc: netfilter@vger.kernel.org
Subject: Re: NAT problem with iptables
Date: Sun, 07 Oct 2007 22:09:59 +0200
Message-ID: <47093D17.4010206@may.be>
In-Reply-To: <470932FC.7090801@plouf.fr.eu.org>

Pascal Hambourg wrote:

> A possible explanation may be the following.
> The remote box sends a continuous stream of UDP packets. The first 
> packet was received before the ruleset was installed but after the 
> conntrack was loaded, so a conntrack entry was created with no NAT, and 
> does not expire because of the continuous stream.

Thank you!  You hit the nail right on the head!

> Clear the conntrack table by any means and see what happens.

I cleared it with conntrack -F and you were absolutely right.  It's now
working as expected.  I knew it had to be my naivety but I couldn't see
what I was doing wrong.

Out of interest, I can't seem to find a syntax that conntrack -D likes;
is there a tutorial for it anywhere or any docs better than the man page?

Thanks again, Pascal, for that speedy and helpful response.

Regards,
Cliff.
- --
Cliff Stanford
Might Limited                           +44 845 0045 666 (Office)
Suite 67, Dorset House                  +44 7973 616 666 (Mobile)
Duke Street, Chelmsford, CM1 1TB
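
The following is an added example, not part of the original message or of conntrack-tools: a Python script that finds conntrack entries created without NAT, the situation Pascal's explanation describes, and prints one targeted `conntrack -D` per entry instead of flushing the whole table with `-F`. It assumes a DNAT rule on a public UDP address and port and the option names of current conntrack-tools; the sample lines and all addresses are constructed.

```python
import re
import shlex

# Constructed `conntrack -L` style lines (documentation addresses, not from the thread).
SAMPLE = """\
udp      17 177 src=203.0.113.7 dst=198.51.100.1 sport=40000 dport=5060 src=198.51.100.1 dst=203.0.113.7 sport=5060 dport=40000 [ASSURED] mark=0 use=1
udp      17 170 src=203.0.113.9 dst=198.51.100.1 sport=40001 dport=5060 src=192.168.1.10 dst=203.0.113.9 sport=5060 dport=40001 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=192.0.2.80 sport=51000 dport=443 src=192.0.2.80 dst=198.51.100.1 sport=443 dport=51000 [ASSURED] mark=0 use=1
udp      17 25 src=203.0.113.11 dst=198.51.100.1 sport=40002 dport=5060 [UNREPLIED] src=198.51.100.1 dst=203.0.113.11 sport=5060 dport=40002 mark=0 use=1
"""

TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def parse(line):
    """Return (proto, original tuple, reply tuple), or None without two port tuples."""
    fields = line.split()
    tuples = TUPLE.findall(line)
    if not fields or len(tuples) != 2:
        return None
    return fields[0], tuples[0], tuples[1]

def stale_entries(text, proto, pub_ip, pub_port):
    """Flows aimed at the DNATed address whose reply tuple shows no translation."""
    hits = []
    for line in text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        p, orig, reply = parsed
        o_src, o_dst, o_sport, o_dport = orig
        if p != proto or (o_dst, o_dport) != (pub_ip, str(pub_port)):
            continue
        # With DNAT applied the reply source is the internal host; an
        # untranslated entry simply mirrors the original tuple.
        if reply == (o_dst, o_src, o_dport, o_sport):
            hits.append(orig)
    return hits

def delete_commands(hits, proto):
    """One targeted `conntrack -D` per stale flow instead of flushing the table."""
    return [
        shlex.join(["conntrack", "-D", "-p", proto, "--orig-src", s, "--orig-dst", d,
                    "--sport", sp, "--dport", dp])
        for s, d, sp, dp in hits
    ]

if __name__ == "__main__":
    for cmd in delete_commands(stale_entries(SAMPLE, "udp", "198.51.100.1", 5060), "udp"):
        print(cmd)
```

The script only prints the commands; running them needs root, and the next packet of each stream then creates a fresh entry that traverses the nat table.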

