[ale] iptables caching?
- Subject: [ale] iptables caching?
- From: stephen at bee.net (Stephen Cristol)
- Date: Wed, 10 Dec 2008 19:56:04 -0500
- In-reply-to: <[email protected]>
- References: <[email protected]>
> I have the following rules in my iptables script:
> $IPTABLES -A Allow --proto tcp --destination-port 25 -j ACCEPT
> $IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 25 -j DNAT --to 10.1.1.34:25
> $IPTABLES -A Allow --proto tcp --destination-port 80 -j ACCEPT
> $IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 80 -j DNAT --to 10.1.1.32:80
> I had a typo originally that sent dport 80 to 10.1.1.32:25 which I fixed. I have verified
> there are no other rules for port 80 but it is still sending anything that hits port 80 to
> 10.1.1.32:25. The first 2 rules are working fine though.
> Any ideas?
Make sure that the active rules are the rules you think are active with:
/sbin/iptables -t nat -vL
> If I had to guess, the issue lies in the Connection tracking in the
> kernel, not iptables itself. I'm not sure how to clear this without a
Often, watching the byte and packet counts in the verbose listing (above) is sufficient to identify what is happening. You can reset these counts with the -Z option.
If you need more information, you could also log packets.
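The connection-tracking guess quoted above can be checked directly: the NAT mapping for a flow is chosen on its first packet and stored in the conntrack entry, so connections opened while the mistyped rule was active keep going to 10.1.1.32:25 until they expire, even after the rule is corrected. The following is an added example, not code from this thread; it parses constructed /proc/net/nf_conntrack lines (not captured from any real host) and reports flows whose stored DNAT destination disagrees with the rules quoted above.

```python
import re

# Expected DNAT targets taken from the rules quoted in the thread: original dport -> (ip, port)
EXPECTED_DNAT = {25: ("10.1.1.34", 25), 80: ("10.1.1.32", 80)}

# Constructed sample in the format of /proc/net/nf_conntrack (not captured from a real host).
# The first src/dst/sport/dport group is the original direction; the second is the reply
# direction, whose src/sport are the translated (DNAT) destination the kernel is using.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.5 sport=51000 dport=25 src=10.1.1.34 dst=198.51.100.7 sport=25 dport=51000 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431995 ESTABLISHED src=198.51.100.8 dst=203.0.113.5 sport=52000 dport=80 src=10.1.1.32 dst=198.51.100.8 sport=25 dport=52000 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 118 TIME_WAIT src=198.51.100.9 dst=203.0.113.5 sport=53000 dport=80 src=10.1.1.32 dst=198.51.100.9 sport=80 dport=53000 [ASSURED] mark=0 use=1
"""

_KV = re.compile(r"(\w+)=(\S+)")

def parse_entry(line):
    """Return (orig, reply) dicts for one TCP nf_conntrack line, or None for anything else."""
    fields = line.split()
    if len(fields) < 6 or "tcp" not in fields[:4]:
        return None
    orig, reply = {}, {}
    for key, value in _KV.findall(line):
        # The first occurrence of src/dst/sport/dport belongs to the original direction,
        # the second occurrence to the reply direction.
        target = orig if key not in orig else reply
        target[key] = value
    return orig, reply

def stale_dnat_flows(conntrack_text, expected=EXPECTED_DNAT):
    """List (client, dport, actual_target) for flows still mapped to an unexpected DNAT target."""
    stale = []
    for line in conntrack_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        orig, reply = parsed
        dport = int(orig["dport"])
        if dport not in expected:
            continue
        actual = (reply["src"], int(reply["sport"]))
        if actual != expected[dport]:
            stale.append((orig["src"], dport, actual))
    return stale

if __name__ == "__main__":
    for client, dport, actual in stale_dnat_flows(SAMPLE_CONNTRACK):
        print(f"{client} -> dport {dport} still mapped to {actual[0]}:{actual[1]}")
```

On a live box the same function can be fed the real file contents; the flows it reports are the ones that will keep hitting the old target until they time out.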