|
||||||||
Yep, UDP is was. I'll use Reset state from now on. Thanks Manuel. ----- Original Message ----- From: "Manuel Kasper" <mk at neon1 dot net> To: "Eric Garnice" <eric at number13 dot com> Cc: <m0n0wall at lists dot m0n0 dot ch> Sent: Thursday, December 18, 2003 2:30 PM Subject: Re: [m0n0wall] Packets still forwarded... > On 18.12.2003, at 20:13, Eric Garnice wrote: > > > I've noticed that if I change a NAT port mapping, packets are > > forwarded to > > both the original destination as well as the new destination until I > > reboot > > m0n0wall. > > Did you test with UDP? If so, then that's very well possible and also > unavoidable, as m0n0wall cannot know when an UDP transmission is over, > so the entry in the state and NAT tables will remain for a few minutes > until it times out. You can manually clear these tables on the "Reset > state" page. > > > This can be very dangerous. I do software testing, and need to change > > No. Even if NAT failed by redirecting packets that it wasn't supposed > to, it still wouldn't be "dangerous" as the packet filter would take > care of it (if configured properly). Changing a NAT rule does not > change any filter rules, even if a filter rule was initially auto-added > (checkbox on add NAT rule screen). > > - Manuel > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > |