Re: iptables service with debian

To: debian-user@lists.debian.org
Subject: Re: iptables service with debian
From: Pascal Hambourg <pascal@plouf.fr.eu.org>
Date: Sat, 28 Apr 2012 00:56:47 +0200
Message-id: <[🔎] 4F9B242F.70101@plouf.fr.eu.org>
In-reply-to: <[🔎] CAGWVfMmQK0uvzaF1jBGbG12Rzeq_O8Fszf=E-StvH8wgPLT-Cg@mail.gmail.com>
References: <[🔎] CAGWVfMmQK0uvzaF1jBGbG12Rzeq_O8Fszf=E-StvH8wgPLT-Cg@mail.gmail.com>

Hello,

Muhammad Yousuf Khan a écrit :
> i run this command
> 
> iptables -t nat -A POSTROUTING -o eth1 -d 8.8.4.4 -j MASQUERADE
> 
> my client computers able to ping 8.8.4.4
> 
> but  when i "iptables --flush -t nat"  it clrear the table but my
> client can still ping the destination.

Do you mean that the client gets a reply ? Surprising.
As Joe wrote, the nat table uses connection tracking state that can be
viewed in /proc/net/nf_conntrack. But AFAIK and IME, a conntrack entry
created by a echo request is deleted after a corresponding echo reply is
received.

Reply to:

References:
- iptables service with debian
  - From: Muhammad Yousuf Khan <sirtcp@gmail.com>

Prev by Date: Re: Anyway of keeping gnome2 while upgrading from Squeeze to Wheezy
Next by Date: Re: iptables service with debian
Previous by thread: Re: iptables service with debian
Next by thread: How /etc/hosts.allow /etc/hosts.deny and smb.conf play along
Index(es):
- Date
- Thread