[Bug 850] DNAT applied even after deleting the IP Tables DNAT Rule

bugzilla-daemon at netfilter.org
Thu Sep 12 10:51:38 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=850

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |pablo at netfilter.org
         Resolution|                            |FIXED

--- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> 2013-09-12 10:51:38 CEST ---
(In reply to comment #2)
> Hi Phil,
> 
> Thanks for the reply. I just had an idea that a cache is maintained by NAT but I
> did not know the exact location/details. I have seen that the entry for which
> DNAT was applied is still present in "/proc/net/nf_conntrack".
> 
> Can you please provide any information on when this entry gets expired? Is this
> timeout configurable?

See this:

http://lxr.linux.no/linux+v3.11/Documentation/networking/nf_conntrack-sysctl.txt
http://conntrack-tools.netfilter.org/manual.html

Please, user questions should be asked via the netfilter users mailing list:

http://www.netfilter.org/mailinglists.html#ml-user

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
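Added example, not part of the bug report or of any netfilter code: a small parser for `/proc/net/nf_conntrack` lines that lists the entries still carrying a DNAT mapping together with the seconds left before each expires, which is how to see why translation continues after the iptables rule is deleted. The sample lines are constructed, and the field layout (timeout in the fifth column, original tuple followed by reply tuple) is assumed to match the running kernel.

```python
import re
import sys

# Constructed sample in the /proc/net/nf_conntrack line format (not from the bug report).
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.1 sport=51000 dport=8080 src=10.0.0.5 dst=198.51.100.7 sport=80 dport=51000 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=10.0.0.9 dst=10.0.0.1 sport=40000 dport=53 src=10.0.0.1 dst=10.0.0.9 sport=53 dport=40000 mark=0 zone=0 use=2
ipv4     2 tcp      6 110 TIME_WAIT src=198.51.100.8 dst=203.0.113.1 sport=51001 dport=8080 src=10.0.0.5 dst=198.51.100.8 sport=80 dport=51001 [ASSURED] mark=0 zone=0 use=2
"""

KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_line(line):
    """Return proto, remaining timeout and both tuples for one entry, or None."""
    fields = line.split()
    if len(fields) < 5 or not fields[4].isdigit():
        return None
    orig, reply = {}, {}
    # Keys appear once for the original direction, then again for the reply.
    for key, val in KV.findall(line):
        (orig if key not in orig else reply).setdefault(key, val)
    if "dst" not in orig or "src" not in reply:
        return None
    return {"proto": fields[2], "timeout": int(fields[4]), "orig": orig, "reply": reply}


def dnat_entries(text):
    """Entries whose original destination was rewritten, longest-lived first."""
    hits = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        o, r = e["orig"], e["reply"]
        # Without DNAT the reply source mirrors the original destination.
        if (o["dst"], o.get("dport")) != (r["src"], r.get("sport")):
            hits.append(e)
    return sorted(hits, key=lambda e: e["timeout"], reverse=True)


if __name__ == "__main__":
    # Pass a file path (e.g. /proc/net/nf_conntrack, root required) or use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for e in dnat_entries(text):
        print(f"{e['proto']} {e['orig']['dst']} -> {e['reply']['src']} expires in {e['timeout']}s")
```

The per-protocol timeouts that set these expiry values are the sysctls described in the nf_conntrack-sysctl.txt document linked in the comment above.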


