From mboxrd@z Thu Jan 1 00:00:00 1970
From: Italo Valcy
Subject: Re: How to use DNAT
Date: Fri, 18 Feb 2011 09:50:26 -0300
Message-ID: <4D5E6B12.3040003@dcc.ufba.br>
References: <184364666.3998.1297982398411.JavaMail.root@tahiti.vyatta.com> <1507403965.4030.1297983445466.JavaMail.root@tahiti.vyatta.com> <4D5DB226.7050002@plouf.fr.eu.org>
In-Reply-To: <4D5DB226.7050002@plouf.fr.eu.org>
To: netfilter@vger.kernel.org

Hi guys,

On 17-02-2011 20:41, Pascal Hambourg wrote:
>> Also, bear in mind that the nat table is only consulted for
>> packets with state NEW. If your UDP flow state transitions to
>> ESTABLISHED before your NAT rule is created, the new rule will
>> not be applied to that flow.
>
> Actually it is even stricter: the nat rules are consulted only for the
> first packet of a new flow ("connection"). The next packets skip the nat
> rules even when the flow does not transition to ESTABLISHED (when there
> is no packet in the reply direction).

Yes, you are correct, but I didn't understand this behaviour.

I managed to get the netflow traffic working again by stopping the
netflow device, waiting about one minute and starting again. Almost sure
it's the exact explanation above. But, why this behavior???

I think this problem starts happening when I restart the iptables rules
and the traffic keeps going. Maybe in that moment, the packets do not
pass to the NAT table anymore. How can I fix it? Do you have any ideas,
guys?

I'm using the rules generated by fwbuilder to start/restart the firewall.

Thanks again for the help!

-- 
Regards,
Italo Valcy :: http://wiki.dcc.ufba.br/~ItaloValcy
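
The behaviour discussed in this message, as an added example that is not part of the original post: a simplified Python model of connection tracking in which the nat rules are consulted only for the first packet of a flow and every later packet refreshes the flow's timer. The `Router` class, the addresses, the port and the 5-second send interval are constructed; the model assumes the flow was first seen while no DNAT rule was loaded, and uses the Linux default 30-second timeout for a UDP flow with no replies.

```python
# Simplified model of netfilter connection tracking (added example, constructed values).
UDP_UNREPLIED_TIMEOUT = 30  # seconds; Linux default for a UDP flow with no reply seen


class Router:
    def __init__(self):
        self.dnat_rules = {}  # (proto, dst_ip, dst_port) -> translated destination
        self.conntrack = {}   # flow tuple -> [translated destination, expiry time]

    def load_rules(self, rules):
        """Model of a firewall restart: replaces the nat rules, leaves conntrack alone."""
        self.dnat_rules = dict(rules)

    def forward(self, now, src, sport, dst, dport, proto="udp"):
        """Return the destination address the packet leaves with."""
        flow = (proto, src, sport, dst, dport)
        entry = self.conntrack.get(flow)
        if entry and entry[1] > now:
            # Known flow: the stored mapping is reused, nat rules are not consulted.
            entry[1] = now + UDP_UNREPLIED_TIMEOUT  # each packet refreshes the timer
            return entry[0]
        # First packet of a new flow: the only moment the nat rules are consulted.
        new_dst = self.dnat_rules.get((proto, dst, dport), dst)
        self.conntrack[flow] = [new_dst, now + UDP_UNREPLIED_TIMEOUT]
        return new_dst


def simulate():
    """An exporter sends one datagram every 5 s from a fixed source port."""
    router = Router()
    pkt = ("192.0.2.10", 40000, "198.51.100.1", 9999)  # src, sport, dst, dport
    rule = {("udp", "198.51.100.1", 9999): "10.0.0.5"}
    result = {}

    router.load_rules({})  # rules momentarily absent during the restart
    result["during_restart"] = router.forward(0, *pkt)

    router.load_rules(rule)  # DNAT rule is loaded again
    # Traffic keeps flowing, so the entry never expires and the rule is never applied.
    result["steady"] = [router.forward(t, *pkt) for t in range(5, 65, 5)]

    # Exporter stopped for about a minute: the entry expires, the next packet is "first".
    result["after_pause"] = router.forward(60 + 61, *pkt)
    return result


if __name__ == "__main__":
    print(simulate())
```

On a live system, deleting the stale entry with `conntrack -D` from conntrack-tools has the same effect as waiting for it to expire.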