Re: How to use DNAT

[Italo Valcy <italo@dcc.ufba.br>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

Em 17-02-2011 20:41, Pascal Hambourg escreveu:
>> Also, bear in mind that the nat table is only consulted for 
>> packets with state NEW. If your UDP flow state transitions to 
>> ESTABLISHED before your NAT rule is created, the new rule will 
>> not be applied to that flow.  
> 
> Actually it is even stricter : the nat rules are consulted only for the
> first packet of a new flow ("connection"). The next packets skip the nat
> rules even when the flow does not transition to ESTABLISHED (when there
> is no packet in the reply direction).

Yes, you are correct, but I didn't understand this behaviour. I managed
to get the netflow traffic working again by stoping the netflow device,
wainting about one minute and starting again. Almost sure its the exact
explanation above. But, why this behavior???

I think this problem starts happening when I restart the iptables rules
and the traffic keeps going. Maybe in that moment, the packets does not
pass to NAT table anymore. How can I fix it? Do you have any ideias
guys? I'm using the rules generated by fwbuilder to start/restart the
firewall.


Thanks again for the help!


- -- 
Saudações,

Italo Valcy :: http://wiki.dcc.ufba.br/~ItaloValcy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1eaxIACgkQfidLqjN6RNHpQACgm6ISsVBVByr5PSRT8LSu1WRA
zwUAn1+VtJAxR42LfYS+aVHrTOXMQKbc
=9O4a
-----END PGP SIGNATURE-----