* conntrack: will it restart after delete?
@ 2008-11-17 16:31 sean darcy
2008-11-17 19:34 ` Pascal Hambourg
0 siblings, 1 reply; 4+ messages in thread
From: sean darcy @ 2008-11-17 16:31 UTC (permalink / raw)
To: netfilter
I've had a problem with a udp connection being set up before DNAT
occurred. See "where are my udp packets going?" Nov 15, 2008.
So just before setting up DNAT I'd propose to run:
conntrack -D -p udp --dport 4569
but the user guide says this "blocks" the connection. I only want to
flush/empty it, and let it start again with DNAT working.
Does this do it? Or some other command?
sean
* Re: conntrack: will it restart after delete?
From: Pascal Hambourg @ 2008-11-17 19:34 UTC (permalink / raw)
To: netfilter
Hello,
sean darcy wrote:
> I've had a problem with a udp connection being set up before DNAT
> occurred. See "where are my udp packets going?" Nov 15, 2008.
>
> So just before setting up DNAT I'd propose to run:
>
> conntrack -D -p udp --dport 4569
>
> but the user guide says this "blocks" the connection.
The user manual only says "this can be used to block traffic" (cut an
existing connection) with proper ruleset and settings. It does not block
traffic by itself.
> I only want to
> flush/empty it, and let it start again with DNAT working.
>
> Does this do it?
I guess so, although I never used conntrack (no need yet).
However I would run the conntrack command after setting up DNAT rules,
because a packet could arrive between the two operations. Deleting a UDP
conntrack entry should be harmless, as the next UDP packet would create
it again anyway.
* Re: conntrack: will it restart after delete?
From: sean darcy @ 2008-11-21 2:34 UTC (permalink / raw)
To: netfilter
Pascal Hambourg wrote:
> Hello,
>
> sean darcy wrote:
>> I've had a problem with a udp connection being set up before DNAT
>> occurred. See "where are my udp packets going?" Nov 15, 2008.
>>
>> So just before setting up DNAT I'd propose to run:
>>
>> conntrack -D -p udp --dport 4569
>>
>> but the user guide says this "blocks" the connection.
>
> The user manual only says "this can be used to block traffic" (cut an
> existing connection) with proper ruleset and settings. It does not block
> traffic by itself.
>
>> I only want to flush/empty it, and let it start again with DNAT working.
>>
>> Does this do it?
>
> I guess so, although I never used conntrack (no need yet).
> However I would run the conntrack command after setting up DNAT rules,
> because a packet could arrive between the two operations. Deleting a UDP
> conntrack entry should be harmless, as the next UDP packet would create
> it again anyway.
> --
Well, it didn't work:
conntrack -D -p udp --dport 4569
conntrack v0.9.6: You need to supply the `--sport' option for this command
Try `conntrack -h' or 'conntrack --help' for more information.
conntrack -D -p udp --sport 4569
conntrack v0.9.6: You need to supply the `--dport' option for this command
Try `conntrack -h' or 'conntrack --help' for more information.
conntrack -D -p udp --sport 4569 --dport 4569
conntrack v0.9.6: Can't kill conntracks just by its IDTry `conntrack -h'
or 'conntrack --help' for more information.
Puzzled, but trolling through man conntrack.
Any suggestions?
sean
* Re: conntrack: will it restart after delete?
From: sean darcy @ 2008-11-21 14:50 UTC (permalink / raw)
To: netfilter
sean darcy wrote:
> Pascal Hambourg wrote:
>> Hello,
>>
>> sean darcy wrote:
>>> I've had a problem with a udp connection being set up before DNAT
>>> occurred. See "where are my udp packets going?" Nov 15, 2008.
>>>
>>> So just before setting up DNAT I'd propose to run:
>>>
>>> conntrack -D -p udp --dport 4569
>>>
>>> but the user guide says this "blocks" the connection.
>>
>> The user manual only says "this can be used to block traffic" (cut an
>> existing connection) with proper ruleset and settings. It does not
>> block traffic by itself.
>>
>>> I only want to flush/empty it, and let it start again with DNAT working.
>>>
>>> Does this do it?
>>
>> I guess so, although I never used conntrack (no need yet).
>> However I would run the conntrack command after setting up DNAT rules,
>> because a packet could arrive between the two operations. Deleting a
>> UDP conntrack entry should be harmless, as the next UDP packet would
>> create it again anyway.
>> --
>
> Well, it didn't work:
>
> conntrack -D -p udp --dport 4569
> conntrack v0.9.6: You need to supply the `--sport' option for this command
> Try `conntrack -h' or 'conntrack --help' for more information.
>
> conntrack -D -p udp --sport 4569
> conntrack v0.9.6: You need to supply the `--dport' option for this command
> Try `conntrack -h' or 'conntrack --help' for more information.
>
> conntrack -D -p udp --sport 4569 --dport 4569
> conntrack v0.9.6: Can't kill conntracks just by its IDTry `conntrack -h'
> or 'conntrack --help' for more information.
>
> Puzzled, but trolling through man conntrack.
>
Solved. I was using 0.9.6, upgraded to 0.9.8 - now it works.
sean
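
Added example, not part of the thread and not code from the conntrack project: following the advice above to delete entries after the DNAT rules are in place, this sketch removes only the UDP flows to port 4569 that were tracked before DNAT took effect (their reply source still equals the original destination). The sample lines and addresses are constructed, the function names are hypothetical, and it assumes a conntrack version that accepts address filters with -D.

```shell
#!/bin/sh
PORT=4569   # port from the thread

# Constructed sample in `conntrack -L -p udp` output format.
# Line 1: tracked before DNAT (reply comes from the original destination).
# Line 2: tracked after DNAT (reply comes from the internal host).
# Line 3: unrelated DNS flow.
SAMPLE='udp      17 170 src=203.0.113.7 dst=198.51.100.1 sport=4569 dport=4569 src=198.51.100.1 dst=203.0.113.7 sport=4569 dport=4569 [ASSURED] mark=0 use=1
udp      17 25 src=203.0.113.9 dst=198.51.100.1 sport=4569 dport=4569 [UNREPLIED] src=10.0.0.20 dst=203.0.113.9 sport=4569 dport=4569 mark=0 use=1
udp      17 12 src=203.0.113.7 dst=198.51.100.1 sport=53124 dport=53 src=198.51.100.1 dst=203.0.113.7 sport=53 dport=53124 mark=0 use=1'

# Read conntrack listing lines on stdin; print "orig-src orig-dst" for each
# UDP flow to $PORT whose reply tuple shows no address translation.
untranslated_flows() {
    awk -v port="$PORT" '
    $1 == "udp" {
        n = 0                      # tuple index: 1 = original, 2 = reply
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src")   { n++; src[n] = kv[2] }
            if (kv[1] == "dst")   dst[n] = kv[2]
            if (kv[1] == "dport") dport[n] = kv[2]
        }
        if (n == 2 && dport[1] == port && src[2] == dst[1])
            print src[1], dst[1]
    }'
}

# Call this only after the DNAT rule is installed: a packet arriving between
# a delete and the rule insertion would re-create an untranslated entry.
flush_untranslated() {
    conntrack -L -p udp 2>/dev/null | untranslated_flows |
    while read -r s d; do
        # Ignore failure: the flow may already have expired.
        conntrack -D -p udp --orig-src "$s" --orig-dst "$d" --dport "$PORT" || true
    done
}
```

To see which flows would be removed without touching the live table, run `printf '%s\n' "$SAMPLE" | untranslated_flows`.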