On 03/25/2018 01:38 AM, Andrea Bodrati wrote:
> I'm using shorewall 4.5.5.3 on a Debian distribution.
> I have tried the following rule in /etc/shorewall/masq :
>
> eth0:y.y.y.y - x.x.x.x:5060 udp 5061
>
> But on the remote system I still see the traffic coming from
> x.x.x.x:5061 instead of x.x.x.x:5060. I even tried to change x.x.x.x
> with 1.1.1.1 but I still see the traffic coming from x.x.x.x
>
> The rule gets loaded by shorewall but for some reason it doesn't work :
>
> 11:24:48 Compiling /etc/shorewall/masq...
> 11:24:48 Masq record "eth0:y.y.y.y - x.x.x.x:5060 udp 5061" Compiled
>
> Any ideas?
>
This is UDP -- if there is an old conntrack table entry in the kernel
that has the traffic not natted, then no NAT rule will work until that
entry is removed using the conntrack utility or until the entry times out.

    shorewall show connections | fgrep 5061

will show you such entries.

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
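
The stale-entry check described in the reply above, as an added example that is not part of the original thread: it reads connection-tracking entries and prints the UDP ones on a given port whose reply tuple exactly mirrors the original tuple, meaning the kernel is tracking that flow without NAT. The function names and the sample entries (conntrack -L style, documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find UDP conntrack entries that are tracked WITHOUT NAT.
# On a live system feed it real data instead of the sample, e.g.
#   conntrack -L -p udp 2>/dev/null | unnatted_udp 5061
# and remove what it reports with
#   conntrack -D -p udp --orig-port-src 5061

# Constructed sample entries (not taken from the thread).
sample_entries() {
cat <<'EOF'
udp      17 28 src=192.0.2.10 dst=198.51.100.20 sport=5061 dport=5060 src=198.51.100.20 dst=192.0.2.10 sport=5060 dport=5061 [ASSURED] mark=0 use=1
udp      17 170 src=192.0.2.10 dst=198.51.100.30 sport=5061 dport=5060 src=198.51.100.30 dst=192.0.2.10 sport=5060 dport=5060 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.20 sport=5061 dport=22 src=198.51.100.20 dst=192.0.2.10 sport=22 dport=5061 [ASSURED] mark=0 use=1
udp      17 12 src=192.0.2.10 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=40000 mark=0 use=1
EOF
}

# unnatted_udp PORT: read entries on stdin, print un-NATed UDP ones using PORT.
unnatted_udp() {
    awk -v port="$1" '
    {
        n = 0; is_udp = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "udp") is_udp = 1
            # Collect src, dst, sport, dport in order of appearance:
            # values 1-4 are the original tuple, values 5-8 the reply tuple.
            if (split($i, kv, "=") == 2 && kv[1] ~ /^(src|dst|sport|dport)$/)
                v[++n] = kv[2]
        }
        if (!is_udp || n < 8) next
        if (v[3] != port && v[4] != port) next
        # No NAT: reply src/dst/sport/dport equal original dst/src/dport/sport.
        if (v[5] == v[2] && v[6] == v[1] && v[7] == v[4] && v[8] == v[3]) print
    }'
}

# Prints only the first sample entry: the second has its reply dport
# rewritten (NAT applied), the third is TCP, the fourth uses other ports.
sample_entries | unnatted_udp 5061
```
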