view nat mappings

Stephen Clark stephen.clark at earthlink.net
Fri Feb 3 19:04:12 CET 2006


Pablo Neira Ayuso wrote:

>Stephen Clark wrote:
>
>>Does iptables have the capability to list out the actual nat
>>mappings/translations,
>>not just the rules that are currently active -
>>similar to the way FreeBSD's ipfilter/ipnat does?
>
>So, if I understood well, you want to get only current nat'ed
>connections, right?
>
>If so, this is fairly easy to implement in the conntrack tool. Something
>like `conntrack -L nat` to show all current nat'ed connections. Is this
>really of interest for everyone?

Actually this is on an embedded system running uClinux 2.4.6, an
ActionTec DualPC Modem.
I am trying to use it as backup for ipsec traffic. Everything works
great until we have an interruption - like the phone connection drops -
the vpn won't get reestablished. But when we use an Apple Airport
Extreme Base Station, the vpn gets reestablished with no problem. So it
seems there is some state in the ActionTec modem/router - it is
performing masquerading - that keeps the vpn from coming up. It is really
strange because we get SA's (isakmp traffic) on both sides, but esp
traffic never gets across.

Steve
traffic doesn't
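
Listing only the NAT'ed connections, as discussed in the quoted reply, can be approximated by filtering the kernel's connection-tracking table for entries whose reply tuple does not mirror the original tuple. The following is an added example, not part of the original message and not code from the conntrack tool; it assumes the text layout of /proc/net/ip_conntrack, and the sample lines and addresses are constructed.

```python
import re
import sys

# Constructed sample in the /proc/net/ip_conntrack text format (assumed layout;
# addresses are private/documentation ranges, not taken from the thread).
SAMPLE = """\
udp      17 170 src=192.168.1.10 dst=203.0.113.9 sport=500 dport=500 src=203.0.113.9 dst=198.51.100.2 sport=500 dport=500 [ASSURED] use=1
unknown  50 598 src=192.168.1.10 dst=203.0.113.9 [UNREPLIED] src=203.0.113.9 dst=198.51.100.2 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.1 dst=192.168.1.10 sport=1030 dport=22 src=192.168.1.10 dst=192.168.1.1 sport=22 dport=1030 [ASSURED] use=1
"""

KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_entry(line):
    """Return protocol number plus original and reply tuples, or None."""
    fields = line.split()
    if len(fields) < 3 or not fields[1].isdigit():
        return None
    orig, reply = {}, {}
    for key, value in KV.findall(line):
        # First occurrence of a key is the original direction, second the reply.
        (reply if key in orig else orig)[key] = value
    if "src" not in reply or "dst" not in reply:
        return None
    return {"proto": fields[0], "protonum": int(fields[1]), "orig": orig, "reply": reply}

def nat_kinds(entry):
    """An untranslated flow has a reply tuple that mirrors the original one."""
    o, r = entry["orig"], entry["reply"]
    kinds = []
    if (r["dst"], r.get("dport")) != (o["src"], o.get("sport")):
        kinds.append("SNAT")  # source rewritten (includes MASQUERADE)
    if (r["src"], r.get("sport")) != (o["dst"], o.get("dport")):
        kinds.append("DNAT")  # destination rewritten
    return kinds

def nat_mappings(text):
    """List (protonum, kinds, original src, address replies go to, original dst)."""
    rows = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and nat_kinds(entry):
            o, r = entry["orig"], entry["reply"]
            rows.append((entry["protonum"], nat_kinds(entry), o["src"], r["dst"], o["dst"]))
    return rows

if __name__ == "__main__":
    # Pass a saved copy of the table as argv[1]; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for row in nat_mappings(text):
        print(row)
```

An ESP entry (protocol 50) that remains in the output with `[UNREPLIED]` after the link has come back is the kind of leftover masquerading state the message describes.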


