* view nat mappings
@ 2006-02-02 14:17 Stephen Clark
2006-02-02 20:34 ` Krzysztof Oledzki
2006-02-03 16:33 ` Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Stephen Clark @ 2006-02-02 14:17 UTC (permalink / raw)
To: netfilter-devel
Hello List,
Does iptables have the capability to list out the actual nat
mappings/translations,
not just the rules that are currently active -
similar to the way FreeBSD's ipfilter/ipnat does?
I've perused the man pages and googled but was unable to find anything
that seemed
pertinent.
TIA,
Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: view nat mappings
2006-02-02 14:17 view nat mappings Stephen Clark
@ 2006-02-02 20:34 ` Krzysztof Oledzki
2006-02-03 16:33 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Krzysztof Oledzki @ 2006-02-02 20:34 UTC (permalink / raw)
To: sclark46; +Cc: netfilter-devel
[-- Attachment #1: Type: TEXT/PLAIN, Size: 373 bytes --]
On Thu, 2 Feb 2006, Stephen Clark wrote:
> Hello List,
Hello,
> Does iptables have the capability to list out the actual nat
> mappings/translations,
> not just the rules that are currently active -
Please use "conntrack -L" or "cat /proc/net/ip_conntrack" for older
kernels than 2.6.14.
Best regards,
Krzysztof Olędzki
PS: This is a devel ml.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: view nat mappings
2006-02-02 14:17 view nat mappings Stephen Clark
2006-02-02 20:34 ` Krzysztof Oledzki
@ 2006-02-03 16:33 ` Pablo Neira Ayuso
2006-02-03 18:04 ` Stephen Clark
1 sibling, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2006-02-03 16:33 UTC (permalink / raw)
To: sclark46; +Cc: netfilter-devel
Stephen Clark wrote:
> Does iptables have the capability to list out the actual nat
> mappings/translations,
> not just the rules that are currently active -
> similar to the way FreeBSD's ipfilter/ipnat does?
So, if I understood well, you want to get only current nat'ted
connections, right?
If so, this is fairly easy to implement in the conntrack tool. Something
like `conntrack -L nat` to show all current nat'ed connections. Is this
really of interest for everyone?
--
Pablo
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: view nat mappings
2006-02-03 16:33 ` Pablo Neira Ayuso
@ 2006-02-03 18:04 ` Stephen Clark
0 siblings, 0 replies; 4+ messages in thread
From: Stephen Clark @ 2006-02-03 18:04 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: sclark46, netfilter-devel
Pablo Neira Ayuso wrote:
>Stephen Clark wrote:
>
>
>>Does iptables have the capability to list out the actual nat
>>mappings/translations,
>>not just the rules that are currently active -
>>similar to the way FreeBSD's ipfilter/ipnat does?
>>
>>
>
>So, if I understood well, you want to get only current nat'ted
>connections, right?
>
>If so, this is fairly easy to implement in the conntrack tool. Something
>like `conntrack -L nat` to show all current nat'ed connections. Is this
>really of interest for everyone?
>
>
>
Actually this is on an embedded system running uClinux 2.4.6, an
ActionTec DualPC Modem.
I am trying to use it as backup for ipsec traffic. Everything works
great until we have an interruption - like the phone connection drops
the vpn won't get reestablished. But when we
use an Apple Airport Extreme Base Station - the vpn get reestablished
with no problem. So it
seems ther is some state in the ActionTec modem/router - it is
performing masquerading - that keep the vpn from coming up. IT is really
strange because we get SA's (isakmp traffic) on both sides, but esp
traffic never gets across.
Steve
traffic doesn't
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-02-03 18:04 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-02-02 14:17 view nat mappings Stephen Clark
2006-02-02 20:34 ` Krzysztof Oledzki
2006-02-03 16:33 ` Pablo Neira Ayuso
2006-02-03 18:04 ` Stephen Clark
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.