Hi,

 

I would like to add a NAT rule on a gateway while connections are passing through it, and have the rule apply to existing connections. I understand this is not the behavior when the rule is simply added to the NAT table, since netfilter consults the NAT table only for the first packet of the connection. I assume that if I can delete connection tracking information on the gateway, once a packet belonging to an existing connection passes through the gateway netfilter will regard it as a new connection (since there is no connection tracking information for it), and apply the new NAT rules that existing connection. My questions are:

 

1.	Is my assumption correct?
2.	Is the answer to the first question is yes, how can I delete connection tracking information?

 

Thanks,

Tsachi Sharfman.