On 04/28/2018 10:17 PM, Norman Henderson wrote:
> SO, UDP NAT has continued to happen overnight... Keeping that in mind
> here is what I get immediately after conntrack -F :
>
> Apr 29 06:03:50 voyage3 kernel: [34497.236640] TRACE:
> raw:PREROUTING:policy:13 IN=vlan1 OUT=
> MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3
> DST=10.1.0.252 LEN=411 TOS=0x00 PREC=0x60 TTL=64 ID=53015 PROTO=UDP
> SPT=5060 DPT=5060 LEN=391
> Apr 29 06:03:50 voyage3 kernel: [34497.236685] TRACE:
> mangle:PREROUTING:policy:1 IN=vlan1 OUT=
> MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3
> DST=10.1.0.252 LEN=411 TOS=0x00 PREC=0x60 TTL=64 ID=53015 PROTO=UDP
> SPT=5060 DPT=5060 LEN=391
> Apr 29 06:03:50 voyage3 kernel: [34497.236716] TRACE:
> mangle:FORWARD:rule:1 IN=vlan1 OUT=wlan1
> MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3
> DST=192.168.1.35 LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=53015 PROTO=UDP
> SPT=5060 DPT=5060 LEN=391

Note that the DST IP address changed without the packet going through
the nat table. That means that there was already a conntrack entry in
place. Were you tracing when you did the 'conntrack -F'?

-Tom

Note: It is also odd that each trace message was repeated. I deleted the
duplicates in the output above.

-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't 
http://shorewall.org \   understand
                      \_______________________________________________
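
The check made in the reply above, as an added example that is not part of the original message: it groups TRACE lines by source address and IP ID and reports every point where DST changes, along with whether a nat-table line was logged for that packet beforehand. The first three sample lines are abridged from the quoted trace; the last two, the function names and the grouping key are assumptions made for illustration.

```python
import re
from collections import defaultdict

# TRACE: <table>:<chain>:<rule|policy|return>:<number>
TRACE_RE = re.compile(r"TRACE:\s*(?P<table>\w+):(?P<chain>[\w.-]+):\w+:\d+")
FIELD_RE = re.compile(r"\b(SRC|DST|ID|PROTO|SPT|DPT)=(\S+)")

SAMPLE = [
    # Abridged from the trace quoted in the message (wrapped lines joined).
    "TRACE: raw:PREROUTING:policy:13 IN=vlan1 OUT= SRC=10.1.0.3 DST=10.1.0.252 ID=53015 PROTO=UDP SPT=5060 DPT=5060",
    "TRACE: mangle:PREROUTING:policy:1 IN=vlan1 OUT= SRC=10.1.0.3 DST=10.1.0.252 ID=53015 PROTO=UDP SPT=5060 DPT=5060",
    "TRACE: mangle:FORWARD:rule:1 IN=vlan1 OUT=wlan1 SRC=10.1.0.3 DST=192.168.1.35 ID=53015 PROTO=UDP SPT=5060 DPT=5060",
    # Constructed contrast case: a packet that does traverse the nat table.
    "TRACE: nat:PREROUTING:rule:1 IN=vlan1 OUT= SRC=10.1.0.3 DST=10.1.0.252 ID=53016 PROTO=UDP SPT=5060 DPT=5060",
    "TRACE: mangle:FORWARD:rule:1 IN=vlan1 OUT=wlan1 SRC=10.1.0.3 DST=192.168.1.35 ID=53016 PROTO=UDP SPT=5060 DPT=5060",
]

def parse_trace(line):
    """Return table, chain and packet fields for one TRACE line, else None."""
    m = TRACE_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line))
    if "DST" not in fields or "ID" not in fields:
        return None
    return {"table": m["table"], "chain": m["chain"], **fields}

def dst_rewrites(lines):
    """List (ip_id, old_dst, new_dst, hook, via_nat_table) for each DST change."""
    packets = defaultdict(list)
    for line in lines:
        hop = parse_trace(line)
        if hop:
            # Assumption: SRC plus IP ID identifies one packet within a capture.
            packets[(hop.get("SRC"), hop["ID"])].append(hop)
    findings = []
    for (_, ip_id), hops in packets.items():
        saw_nat = False
        for prev, cur in zip(hops, hops[1:]):
            saw_nat = saw_nat or prev["table"] == "nat"
            if cur["DST"] != prev["DST"]:
                hook = f'{cur["table"]}:{cur["chain"]}'
                findings.append((ip_id, prev["DST"], cur["DST"], hook, saw_nat))
                saw_nat = False
    return findings

if __name__ == "__main__":
    for ip_id, old, new, hook, via_nat in dst_rewrites(SAMPLE):
        cause = "nat table rule" if via_nat else "existing conntrack entry"
        print(f"ID={ip_id}: DST {old} -> {new} at {hook} ({cause})")
```
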


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users