Subject: Connlimit troubles (still)
From: me
Date: 2013-01-02 15:49 UTC
To: netfilter
Hi All,
Over the holiday I upgraded to:
Netfilter v1.4.14
OS 3.6.10-2.fc17.i686
I have the following in my rules:
-A PREROUTING -i p1p1 -p tcp --dport 4800 -j DNAT --to 192.168.1.253
...
-A FORWARD -i p1p1 -o em1 -d 192.168.1.253 -p tcp --syn -m connlimit --connlimit-above 1 -j LOG --log-prefix " MultiIP "
-A FORWARD -i p1p1 -o em1 -d 192.168.1.253 -p tcp --syn -m connlimit --connlimit-above 1 -j REJECT --reject-with tcp-reset
With the old OS, I would see the above log entry some of the time and assumed that the packet was dropped.
With the NEW OS, I am not seeing anything.
conntrack shows incoming and outgoing (conntrack -L), but the filter is not logging or rejecting any of the connections.
What am I missing?
Oh, folks connect on tcp 4800, then get a UDP port from the endpoint application. I can view the endpoint application and see multiple connections from the same IP.
Thanks and Happy New Year!
todh
--
Todd Hackett Chief Bottle Washer
PoBox 1168
Libby, MT 59923
406.293.3843
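The check the post is relying on, worked through as an added example (this is not the poster's code and not part of iptables or conntrack-tools): a small script that reads `conntrack -L` output and counts tracked TCP flows per client source to the DNAT target, which is what `-m connlimit --connlimit-above 1` evaluates on the post-DNAT FORWARD rule. Because the FORWARD rule sees the packet after DNAT, a flow is identified here by the reply-direction source (the real server) and the original destination port, not by the public address. The conntrack lines, the client addresses 198.51.100.7 and 198.51.100.9 and the public address 203.0.113.1 are constructed; the target 192.168.1.253 and port 4800 come from the post. The mask parameter mirrors `--connlimit-mask` (default /32).

```python
"""Recount per-source TCP flows from conntrack -L output, the way connlimit does.

Constructed example for the thread above; not code from the poster, iptables
or conntrack-tools. Addresses 198.51.100.x / 203.0.113.1 and the sample lines
are made up; 192.168.1.253:4800 is the DNAT target from the post.
"""
import re
import sys
from collections import Counter
from ipaddress import ip_network

# Constructed sample of `conntrack -L` output: three tcp/4800 flows from
# 198.51.100.7 (one still in SYN_SENT), one from 198.51.100.9, plus a UDP flow
# and an unrelated tcp/22 flow that must not be counted.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=203.0.113.1 sport=51234 dport=4800 src=192.168.1.253 dst=198.51.100.7 sport=4800 dport=51234 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=203.0.113.1 sport=51235 dport=4800 src=192.168.1.253 dst=198.51.100.7 sport=4800 dport=51235 [ASSURED] mark=0 use=1
tcp      6 30 SYN_SENT src=198.51.100.7 dst=203.0.113.1 sport=51236 dport=4800 [UNREPLIED] src=192.168.1.253 dst=198.51.100.7 sport=4800 dport=51236 mark=0 use=1
tcp      6 431999 ESTABLISHED src=198.51.100.9 dst=203.0.113.1 sport=40000 dport=4800 src=192.168.1.253 dst=198.51.100.9 sport=4800 dport=40000 [ASSURED] mark=0 use=1
udp      17 29 src=198.51.100.7 dst=203.0.113.1 sport=5000 dport=6000 src=192.168.1.253 dst=198.51.100.7 sport=6000 dport=5000 mark=0 use=1
tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=203.0.113.1 sport=51300 dport=22 src=203.0.113.1 dst=198.51.100.7 sport=22 dport=51300 [ASSURED] mark=0 use=1
"""

# One "src= dst= sport= dport=" tuple; conntrack -L prints the original
# direction first and the reply direction second on every line.
TUPLE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
)
FIELDS = ("src", "dst", "sport", "dport")


def parse_conntrack(text):
    """Yield (proto, orig_tuple, reply_tuple) for each flow line."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        proto = line.split()[0]
        tuples = TUPLE_RE.findall(line)
        if len(tuples) != 2:
            continue  # ICMP/GRE or truncated lines: skip rather than guess
        yield proto, dict(zip(FIELDS, tuples[0])), dict(zip(FIELDS, tuples[1]))


def count_per_source(text, target, dport, mask=32):
    """Count tracked TCP flows to target:dport, grouped by client source network.

    After DNAT the original-direction dst is the public address, so the flow is
    recognised by the reply-direction src (the real server) and the original
    dport, which is what a post-DNAT FORWARD rule with -d <target> matches on.
    `mask` plays the role of --connlimit-mask (default /32, per source address).
    """
    counts = Counter()
    for proto, orig, reply in parse_conntrack(text):
        if proto != "tcp" or reply["src"] != target or int(orig["dport"]) != dport:
            continue
        net = ip_network(f"{orig['src']}/{mask}", strict=False)
        counts[str(net)] += 1
    return counts


def over_limit(counts, above):
    """Sources that --connlimit-above <above> would match.

    connlimit counts the connection the current SYN just created as well, so a
    source with one live flow plus a new SYN has 2 tracked flows, which is
    "above 1". Counting conntrack entries with > above reproduces that.
    """
    return sorted(net for net, n in counts.items() if n > above)


if __name__ == "__main__":
    # Pipe real data in with: conntrack -L 2>/dev/null | python3 this_script.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CONNTRACK
    counts = count_per_source(text, "192.168.1.253", 4800)
    for net, n in counts.most_common():
        print(f"{net}: {n} flow(s) to 192.168.1.253:4800")
    print("would match --connlimit-above 1:", over_limit(counts, 1))
```

If a source shows up here with more than one flow to the target while the LOG rule never fires, the conntrack table and the FORWARD rule disagree, which narrows the problem to the rule (interface names, `--syn`, placement after DNAT) rather than to connlimit's counting.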