[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] iptables caching?

> I have the following rules in my iptables script:
>   $IPTABLES -A Allow --proto tcp --destination-port 25 -j ACCEPT
>   $IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 25 -j DNAT
> - --to
>   $IPTABLES -A Allow --proto tcp --destination-port 80 -j ACCEPT
>   $IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 80 -j DNAT
> - --to
> I had a typo originally that sent dport 80 to which I
> fixed.  I have verified
> there are no other rules for port 80 but it is still sending anything
> that hits port 80 to
>  The first 2 rules are working fine though.
> any ideas?

Make sure that the active rules are the rules you think are active with:

/sbin/iptables -vL
/sbin/iptables -t nat -vL

> If I had to guess, the issue lies in the Connection tracking in the
> kernel, not iptables itself.  I'm not sure how to clear this without a
> restart.

Often, watching the byte and packet counts in the verbose listing  
(above) are sufficient to identify what it happening. You can reset  
these counts with the -Z option.

If you need more information, you could also log packets.