[Bug 850] DNAT applied even after deleting the IP Tables DNAT Rule
bugzilla-daemon at netfilter.org
Thu Sep 12 09:14:55 CEST 2013
https://bugzilla.netfilter.org/show_bug.cgi?id=850
--- Comment #2 from Dath Raj <b.dathraj at gmail.com> 2013-09-12 09:14:55 CEST ---
Hi Phil,
Thanks for the reply. I just had an idea that a cache is maintained by NAT, but I
did not know the exact location/details. I have seen that the entry for which
DNAT was applied is still present in "/proc/net/nf_conntrack".
Can you please provide any information on when this entry gets expired? Is this
timeout configurable?
Thanks,
Dath Raj
(In reply to comment #1)
> You do realize that until the conntrack expires, NAT will still be applied,
> right? Have you verified that the conntrack entry with NAT has expired? Try
> "grep 2.2.2.2 /proc/net/nf_conntrack" (or use the conntrack tool if you
> prefer).
>
> Also: why are you listing the same IP twice here:
>
> --to-destination 2.2.2.2-2.2.2.2
>
> only need it once unless you have a range of IPs.
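The check discussed in this thread, as an added example that is not part of the original messages or of netfilter's own code: it parses lines in the /proc/net/nf_conntrack format, keeps the entries where the reply source address differs from the original destination (destination NAT still in effect), and reports the remaining lifetime from the fifth field. The sample lines and every address other than 2.2.2.2 are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in /proc/net/nf_conntrack format (not captured from a real host).
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=10.0.0.5 dst=1.1.1.1 sport=40112 dport=80 src=2.2.2.2 dst=10.0.0.5 sport=80 dport=40112 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 97 TIME_WAIT src=10.0.0.5 dst=3.3.3.3 sport=40200 dport=443 src=3.3.3.3 dst=10.0.0.5 sport=443 dport=40200 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=10.0.0.7 dst=1.1.1.1 sport=5353 dport=53 [UNREPLIED] src=2.2.2.2 dst=10.0.0.7 sport=53 dport=5353 mark=0 use=2
"""

KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Return a dict for one conntrack line, or None if it is malformed."""
    fields = line.split()
    # Field 5 is the number of seconds left before the entry expires.
    if len(fields) < 5 or not fields[4].isdigit():
        return None
    orig, reply = {}, {}
    for key, value in KV.findall(line):
        # Each key appears twice: first in the original tuple, then in the reply tuple.
        (reply if key in orig else orig)[key] = value
    if "dst" not in orig or "src" not in reply:
        return None
    return {"proto": fields[2], "ttl": int(fields[4]), "orig": orig, "reply": reply}


def dnat_entries(text, nat_target=None):
    """Entries whose reply source address differs from the original destination.

    Only address rewriting is detected; a port-only redirect is not flagged.
    """
    hits = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry["orig"]["dst"] == entry["reply"]["src"]:
            continue
        if nat_target and entry["reply"]["src"] != nat_target:
            continue
        hits.append(entry)
    return hits


if __name__ == "__main__":
    # On a live host, read /proc/net/nf_conntrack instead of SAMPLE.
    for e in dnat_entries(SAMPLE, "2.2.2.2"):
        print(f'{e["proto"]} {e["orig"]["dst"]} -> {e["reply"]["src"]} expires in {e["ttl"]}s')
```
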