Hello,

Muhammad Yousuf Khan wrote:
> I run this command
> 
> iptables -t nat -A POSTROUTING -o eth1 -d 8.8.4.4 -j MASQUERADE
> 
> my client computers are able to ping 8.8.4.4
> 
> but when I run "iptables --flush -t nat" it clears the table but my
> client can still ping the destination.

Do you mean that the client gets a reply? Surprising.
As Joe wrote, the nat table uses connection tracking state that can be
viewed in /proc/net/nf_conntrack. But AFAIK and IME, a conntrack entry
created by an echo request is deleted after a corresponding echo reply is
received.
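
An added example, not part of the original message: a small Python parser for `/proc/net/nf_conntrack` that lists flows toward a destination whose source address is still translated in the tracked state, which is what to check after flushing the nat table. The sample lines are constructed, and 203.0.113.5 is an assumed address for eth1.

```python
import re

# Constructed sample lines in /proc/net/nf_conntrack format (not from a real host).
# 203.0.113.5 is an assumed stand-in for the router's eth1 address.
SAMPLE = """\
ipv4     2 icmp     1 29 src=192.168.1.10 dst=8.8.4.4 type=8 code=0 id=4242 src=8.8.4.4 dst=203.0.113.5 type=0 code=0 id=4242 mark=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=192.168.1.1 sport=51514 dport=22 src=192.168.1.1 dst=192.168.1.10 sport=22 dport=51514 [ASSURED] mark=0 use=2
ipv4     2 icmp     1 12 src=192.168.1.11 dst=8.8.4.4 type=8 code=0 id=77 [UNREPLIED] src=8.8.4.4 dst=192.168.1.11 type=0 code=0 id=77 mark=0 use=2
"""

TUPLE_KEYS = {"src", "dst", "sport", "dport", "type", "code", "id"}
KV = re.compile(r"(\w+)=(\S+)")

def parse_entry(line):
    """Split one conntrack line into its original and reply tuples."""
    fields = line.split()
    orig, reply = {}, {}
    for key, value in KV.findall(line):
        if key in TUPLE_KEYS:
            # First occurrence of a key is the original direction, second the reply.
            (reply if key in orig else orig)[key] = value
    if reply["dst"] != orig["src"]:
        nat = "snat"   # source rewritten: SNAT or MASQUERADE
    elif reply["src"] != orig["dst"]:
        nat = "dnat"   # destination rewritten
    else:
        nat = None     # tracked, but no address translation recorded
    return {"proto": fields[2], "timeout": int(fields[4]), "orig": orig,
            "reply": reply, "nat": nat, "replied": "[UNREPLIED]" not in line}

def masqueraded_flows(text, dest):
    """Entries toward dest whose source address is translated in the tracked state."""
    entries = [parse_entry(l) for l in text.splitlines() if l.strip()]
    return [e for e in entries if e["orig"]["dst"] == dest and e["nat"] == "snat"]

if __name__ == "__main__":
    try:
        with open("/proc/net/nf_conntrack") as fh:  # usually needs root
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample
    for e in masqueraded_flows(text, "8.8.4.4"):
        print(e["proto"], e["orig"]["src"], "->", e["reply"]["dst"],
              "timeout", e["timeout"], "replied", e["replied"])
```
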

