Re: facing problem with iptables nat rules and traffic flow scnerios

netfilter.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: facing problem with iptables nat rules and traffic flow scnerios
       [not found] <CAE1WnGdo1O0AyS0Q=00m3vou0nQnE0FzSR3-NWi-YMr3zwn8dA@mail.gmail.com>
@ 2012-05-04 17:09 ` Andrew Beverley
  0 siblings, 0 replies; only message in thread
From: Andrew Beverley @ 2012-05-04 17:09 UTC (permalink / raw)
  To: rahul shrivastava; +Cc: netfilter-devel, netfilter

[ Please use the netfilter not netfilter-devel list for this sort of
question ]

On Thu, 2012-05-03 at 14:25 +0530, rahul shrivastava wrote:
> I am using iptables for nat
> kernel version is 2.6.35+
> working on powerpc target
> 
> case 1) traffic is already flowing and we apply a rule, that rule will
> become effective only when we stop traffic and start again.
> 
> case 2) traffic is already flowing and we delete a rule, this rule
> will still be effective unless we stop and start traffic again.
> 
> observation: /proc/net/ip_conntrack file is updated only after stoping
> and starting traffic again.

Depending what you are doing, this shouldn't happen. How are you
applying the rules? Directly with iptables commands? If so, what are the
commands? For some rules, such as port redirection, I have found that
the conntrack cache needs to be cleared.

Andy



^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2012-05-04 17:09 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <CAE1WnGdo1O0AyS0Q=00m3vou0nQnE0FzSR3-NWi-YMr3zwn8dA@mail.gmail.com>
2012-05-04 17:09 ` facing problem with iptables nat rules and traffic flow scnerios Andrew Beverley

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).