From: Mojtaba <mespio@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Issue related to conntrack while insert new rule with conntrack command in linux
Date: Sat, 27 Apr 2019 00:20:33 +0430
Message-ID: <CABVi_Ex1KoK22m6cKsnCLaTC1gaFSUqX2a54m3H=dm8DZ9NFFQ@mail.gmail.com>
In-Reply-To: <20190426193732.xk3aektc7fb4eg2h@salvia>

Yes, it's perfect. I just forgot to enable ip_forwarding right now.
The problem was because of it.
I used this command and it works properly:

conntrack -I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070 --dport 5005 --dst-nat 192.168.122.1:1234 --src-nat 192.168.122.103:2222 --timeout 30

That's great. Thank you so much, Pablo.
With best regards

On Sat, Apr 27, 2019 at 12:07 AM Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>
> On Fri, Apr 26, 2019 at 11:53:29PM +0430, Mojtaba wrote:
> > Thanks again, it works correctly now. But how can I set port 1111? I
> > have just tried this command, but it doesn't work and I don't get any
> > packets on port 1111 in 192.168.122.1:
> > conntrack -I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070 --dport 5005 --dst-nat 192.168.122.1:1234 --timeout 30
> >
> > The packets that i got on 192.168.122.1 are either port 5070 or port
> > 5005 like below:
> > 23:33:38.520746 IP 192.168.122.242.5070 > 192.168.122.103.5005: UDP, length 12
> > 23:33:38.528807 IP 192.168.122.242.5070 > 192.168.122.103.5005: UDP, length 12
> >
> > Actually I would like to get packets on 192.168.122.1 on port 1111 like
> > this. If I set the two iptables rules in the nat table, I could see the
> > packets on 192.168.122.1 like below, too:
> > 23:33:38.528807 IP 192.168.122.103.2222 > 192.168.122.1.1111: UDP, length 12
> > 23:33:38.528807 IP 192.168.122.103.2222 > 192.168.122.1.1111: UDP, length 12
> >
> > So how can I set --src-nat to 192.168.122.103 and port 2222, too?
>
> Does this work?
>
> conntrack -I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070 --dport 5005 --dst-nat 192.168.122.1:1234 --timeout 30
--
--Mojtaba Esfandiari.S
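
The message above attributes the failure to IP forwarding being disabled. A preflight check for that condition before inserting the entry, as an added example that is not part of the original e-mail; the function names and the IP_FORWARD_FILE override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): refuse to insert the NAT conntrack
# entry while IPv4 forwarding is off, the condition the message blames.
# Function names and IP_FORWARD_FILE are hypothetical, chosen for this sketch.

# Overridable so the check can be exercised against a sample file.
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"

# Returns 0 when forwarding is enabled, 1 when disabled or unreadable.
forwarding_enabled() {
    [ -r "$IP_FORWARD_FILE" ] || return 1
    [ "$(cat "$IP_FORWARD_FILE")" = "1" ]
}

# Prints the conntrack arguments for the entry used in the thread.
nat_entry_args() {
    printf '%s' "-I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070 --dport 5005 --dst-nat 192.168.122.1:1234 --src-nat 192.168.122.103:2222 --timeout 30"
}

# Inserts the entry, then lists it so both tuples can be inspected.
# Returns 2 without touching the table when forwarding is disabled.
insert_nat_entry() {
    if ! forwarding_enabled; then
        echo "net.ipv4.ip_forward is not 1; run: sysctl -w net.ipv4.ip_forward=1" >&2
        return 2
    fi
    # Word splitting of the argument string is intentional here.
    conntrack $(nat_entry_args) &&
        conntrack -L -p udp -s 192.168.122.242 -d 192.168.122.103 \
            --sport 5070 --dport 5005
}
```

Source the file and call insert_nat_entry as root; the listing should show the original tuple next to a reply tuple that carries the translated addresses and ports.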