Linux – iptables: Does a DNAT rule redirect UDP packets from one destination IP to another immediately?

Tags: iptables, linux

There is one UDP client (192.168.206.45) and one UDP server (192.168.212.21) connection.

I want to use a DNAT rule to redirect UDP packets from one server (192.168.212.21) to another server (192.168.215.46) "immediately" after I issue a command like:

iptables -t nat -A PREROUTING -d 192.168.212.21 -j DNAT --to-destination 192.168.215.46

Questions:

  1. It rarely redirects packets immediately. Does the DNAT rule take effect in a timely way? Normally the DNAT rule only works after the UDP connection is restarted.

  2. How can I fix the problem so that UDP packets are redirected in a timely way?

Thanks for reading.

Best Answer

The iptables DNAT target provides stateful NAT. Any packet is first matched against the conntrack table, and if a NAT entry is already there, the packet is NATted the same way. If you remove the previous connection entry, the iptables rule will be applied to the next packet and a new connection entry will be created.

You can remove conntrack entries for UDP as described here.
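As an added example (not part of the question or the answer above), the shell script below shows how to tell apart the UDP conntrack entries that still steer traffic to the old server from those the new DNAT rule has already rewritten, and how to delete only the stale ones. The `conntrack -L` sample lines are constructed for the example, the function names (`stale_udp_entries`, `count_stale_udp`, `flush_stale_udp`) are this example's own, and the live delete step assumes conntrack-tools is installed and is run as root on the router holding the NAT rule.

```bash
#!/bin/sh
# Added example: identify UDP conntrack entries created before the DNAT rule
# (reply source still the old server) and delete exactly those, so the next
# packet of each flow is evaluated by the nat PREROUTING chain again.
# Assumes conntrack-tools (`conntrack` command) and root for the delete step.

OLD_DST="192.168.212.21"   # server the client is currently talking to
NEW_DST="192.168.215.46"   # server the DNAT rule should redirect to

# Constructed sample of `conntrack -L` output (not captured from a real host):
# line 1: pre-existing UDP flow, reply source still the old server -> stale
# line 2: flow created after the rule, reply source already rewritten -> fine
# line 3: TCP flow to the old server, out of scope for this UDP question
SAMPLE_CT='udp      17 29 src=192.168.206.45 dst=192.168.212.21 sport=40000 dport=5000 src=192.168.212.21 dst=192.168.206.45 sport=5000 dport=40000 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.206.45 dst=192.168.212.21 sport=40001 dport=5000 src=192.168.215.46 dst=192.168.206.45 sport=5000 dport=40001 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.206.45 dst=192.168.212.21 sport=50000 dport=22 src=192.168.212.21 dst=192.168.206.45 sport=22 dport=50000 [ASSURED] mark=0 use=1'

# stale_udp_entries OLD NEW: reads `conntrack -L` output on stdin and prints
# the UDP entries whose original destination is OLD but whose reply source is
# not NEW, i.e. entries conntrack will keep steering to the old server.
# The first src=/dst= pair on a line is the original tuple, the second is the
# reply tuple; field positions shift when [UNREPLIED] is present, so fields
# are located by prefix rather than by number.
stale_udp_entries() {
  awk -v old="$1" -v new="$2" '
    $1 == "udp" {
      nsrc = 0; ndst = 0; odst = ""; rsrc = ""
      for (i = 1; i <= NF; i++) {
        if (index($i, "src=") == 1) { nsrc++; if (nsrc == 2) rsrc = substr($i, 5) }
        if (index($i, "dst=") == 1) { ndst++; if (ndst == 1) odst = substr($i, 5) }
      }
      if (odst == old && rsrc != new) print
    }'
}

# count_stale_udp OLD NEW: same filter, returns only the number of entries.
count_stale_udp() {
  stale_udp_entries "$1" "$2" | wc -l | tr -d ' '
}

# flush_stale_udp OLD: on a live host, delete only the entries identified above.
# --reply-src OLD restricts the delete to flows not yet rewritten, so flows the
# rule has already NATted (reply source NEW) are left untouched.
flush_stale_udp() {
  conntrack -D -p udp --orig-dst "$1" --reply-src "$1"
}

# Demo on the constructed sample (read-only, safe to run anywhere):
printf '%s\n' "$SAMPLE_CT" | stale_udp_entries "$OLD_DST" "$NEW_DST"

# On the router, after adding the rule from the question, the live sequence is:
#   iptables -t nat -A PREROUTING -d 192.168.212.21 -j DNAT --to-destination 192.168.215.46
#   flush_stale_udp "$OLD_DST"
#   conntrack -L -p udp --orig-dst "$OLD_DST"   # remaining entries should show reply src=192.168.215.46
```

Deleting with `--reply-src` rather than flushing every entry for the old destination matters on a busy router: flows the new rule has already rewritten keep their state, and only the pre-rule flows are forced back through the nat table on their next packet.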