Suggestion regarding masquerading / action when the link goes down

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Christian Morgenstern" <C.Morgenstern@gmx.de>
To: <netfilter-devel@lists.netfilter.org>
Subject: Suggestion regarding masquerading / action when the link goes down
Date: Fri, 6 Jun 2003 19:02:35 +0200	[thread overview]
Message-ID: <005001c32c4d$6e2c3240$7b00a8c0@chr> (raw)

>From NAT-HOWTO:
You don't need to put in the source address explicitly with masquerading: it
will use the source address of the interface the packet is going out from.
But more importantly, if the link goes down, the connections (which are now
lost anyway) are forgotten, meaning fewer glitches when connection comes
back up with a new IP address.

So if the link goes down for a few seconds, and then comes back up all masq
connections are lost, even though the IP did not change.
Would it be possible to have an additional option for the kernel config, so
the connections aren't cleared if the connection goes down ?
Or even better, how about only clearing the connections if the link comes
back up having a different IP ?

I'm asking this because I've a semi-static IP, and my connection sometimes
drops for a few seconds, usually 3 or 4 times per week. Sometimes the IP
changes, but most times it doesn't. Having the connections cleared means I'd
loose all open connections everytime once I've upraded from ipchains to
netfilter/iptables.

Aside from that I have a related question which I haven't found in the
FAQ/HowTos:
Is the conntrack table also being cleared if the link goes down/comes back
up ?

-- Christian

next             reply	other threads:[~2003-06-06 17:02 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-06-06 17:02 Christian Morgenstern [this message]
2003-06-19 12:11 ` Suggestion regarding masquerading / action when the link goes down Harald Welte
2003-06-20  0:35   ` Philip Craig
2003-06-20  8:15     ` Harald Welte

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='005001c32c4d$6e2c3240$7b00a8c0@chr' \
    --to=c.morgenstern@gmx.de \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.