netfilter-devel.vger.kernel.org archive mirror
From: Andrew Beverley <andy@andybev.com>
To: rahul shrivastava <shrivastavaone@gmail.com>
Cc: netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org
Subject: Re: facing problem with iptables nat rules and traffic flow scenarios
Date: Fri, 04 May 2012 18:09:23 +0100
Message-ID: <1336151363.1912.97.camel@andrew-desktop>
In-Reply-To: <CAE1WnGdo1O0AyS0Q=00m3vou0nQnE0FzSR3-NWi-YMr3zwn8dA@mail.gmail.com>

[ Please use the netfilter not netfilter-devel list for this sort of
question ]

On Thu, 2012-05-03 at 14:25 +0530, rahul shrivastava wrote:
> I am using iptables for nat
> kernel version is 2.6.35+
> working on powerpc target
> 
> case 1) traffic is already flowing and we apply a rule, that rule will
> become effective only when we stop traffic and start again.
> 
> case 2) traffic is already flowing and we delete a rule, this rule
> will still be effective unless we stop and start traffic again.
> 
> observation: /proc/net/ip_conntrack file is updated only after stopping
> and starting traffic again.

Depending on what you are doing, this shouldn't happen. How are you
applying the rules? Directly with iptables commands? If so, what are the
commands? For some rules, such as port redirection, I have found that
the conntrack cache needs to be cleared.

Andy
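
The behaviour discussed in this thread, as an added example that is not part of the original messages: NAT rules are consulted only for the first packet of a connection, so a flow that already has a conntrack entry keeps its existing mapping until that entry is removed. The script parses constructed lines in /proc/net/ip_conntrack format and builds the conntrack(8) delete command for each flow matching a changed rule; the sample addresses, the port 80 match and the function names are assumptions.

```python
# Constructed sample in /proc/net/ip_conntrack format (not taken from the thread).
# Line 2 shows a flow whose reply tuple was rewritten (redirect to local port 3128).
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=40112 dport=80 packets=12 bytes=900 src=203.0.113.5 dst=192.168.1.10 sport=80 dport=40112 packets=10 bytes=4000 [ASSURED] mark=0 use=2
tcp      6 431200 ESTABLISHED src=192.168.1.11 dst=203.0.113.5 sport=40200 dport=80 packets=5 bytes=400 src=192.168.1.1 dst=192.168.1.11 sport=3128 dport=40200 packets=4 bytes=900 [ASSURED] mark=0 use=2
udp      17 25 src=192.168.1.10 dst=198.51.100.53 sport=5353 dport=53 packets=1 bytes=60 [UNREPLIED] src=198.51.100.53 dst=192.168.1.10 sport=53 dport=5353 packets=0 bytes=0 mark=0 use=2
"""

TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_entry(line):
    """Split one conntrack line into protocol, original tuple and reply tuple."""
    tokens = line.split()
    orig, reply = {}, {}
    for tok in tokens[3:]:
        key, sep, val = tok.partition("=")
        if sep and key in TUPLE_KEYS:
            # First occurrence of a key is the original direction, second the reply.
            (reply if key in orig else orig)[key] = val
    return {"proto": tokens[0], "orig": orig, "reply": reply}


def is_natted(e):
    """NAT is in effect when the reply tuple is not the mirror of the original."""
    o, r = e["orig"], e["reply"]
    return (r.get("src"), r.get("dst"), r.get("sport"), r.get("dport")) != (
        o.get("dst"), o.get("src"), o.get("dport"), o.get("sport"))


def delete_cmd(e):
    """conntrack(8) command that removes this one entry by its original tuple."""
    o = e["orig"]
    return "conntrack -D -p {} -s {} -d {} --sport {} --dport {}".format(
        e["proto"], o["src"], o["dst"], o["sport"], o["dport"])


def stale_flows(text, proto, dport):
    """Flows matching a changed rule (assumed match: protocol + original dport)."""
    out = []
    for line in text.splitlines():
        if line.strip():
            e = parse_entry(line)
            if e["proto"] == proto and e["orig"].get("dport") == str(dport):
                out.append((is_natted(e), delete_cmd(e)))
    return out


if __name__ == "__main__":
    for natted, cmd in stale_flows(SAMPLE, "tcp", 80):
        print("NATed " if natted else "direct", cmd)
```

Deleting only the matching entries leaves unrelated connections untouched, whereas `conntrack -F` flushes the whole table.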