From mboxrd@z Thu Jan 1 00:00:00 1970
From: Pascal Hambourg
Subject: Re: [MASQUERADING] iptables keeps sending from old IP after ppp0's IP has changed
Date: Wed, 30 Aug 2006 15:25:37 +0200
Message-ID: <44F591D1.5080008@plouf.fr.eu.org>
References: <200608301407.55481.Daniel@musketa.de>
To: netfilter@lists.netfilter.org

Hello,

Jan Engelhardt wrote:

>> Every night the router's ppp0 goes down and after about a minute up again with
>> a new IP. But iptables keeps on sending the NATted UDP packets _from_ the old
>> IP address. `iptables -F` and reloading the rules doesn't help. The only
>> workaround is to stop asterisk on the NAT client for about 2 minutes.
>
> That is how it is. The -t nat table is only consulted for NEW connections.
>
>> Why isn't this table deleted when ppp0 goes down?
>
> netfilter does not know it has gone down, I think.

Unlike SNAT, isn't the MASQUERADE target supposed to delete obsolete
masqueraded conntrack entries when the related interface goes down - or
maybe when it goes up again with a different address?

>> How can I force iptables to use ppp0's real IP address as sender IP in
>> outgoing packets?
>
> Flush the conntrack table when ppp0 has gone up (yes, up)

Why not when ppp0 has gone down?
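Jan's advice above (flush the conntrack table once ppp0 has come back up) as an added shell example; this is not code from the thread. It assumes the conntrack(8) command from conntrack-tools is installed, that a ppp ip-down hook records the previous address in a state file (OLD_IP_FILE is an assumed name), and it narrows the flush to entries still masqueraded to the old address instead of dropping everything; the sample conntrack -L style lines are constructed.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Stale masqueraded entries are the ones whose reply-direction dst (the
# second "dst=" field of a conntrack -L line) is the previous ppp0 address.

# Read conntrack -L style lines on stdin, print those masqueraded to $1.
stale_masq_entries() {
    awk -v old="$1" '{
        n = 0
        for (i = 1; i <= NF; i++)
            if (index($i, "dst=") == 1 && ++n == 2 && substr($i, 5) == old)
                print
    }'
}

# Number of stale entries for address $1 (stdin as above).
count_stale() { stale_masq_entries "$1" | wc -l | tr -d ' '; }

# State file shared by the ip-down and ip-up hooks (assumed path).
OLD_IP_FILE=${OLD_IP_FILE:-/var/run/ppp0.oldip}

# /etc/ppp/ip-down hook: $1 = interface, $4 = local address going away.
ip_down_hook() { [ "$1" = ppp0 ] && echo "$4" > "$OLD_IP_FILE"; }

# /etc/ppp/ip-up hook: $1 = interface, $4 = new local address.
# Deletes only the entries bound to the old address (reply dst == old_ip),
# so connections that never used ppp0 survive the address change.
ip_up_hook() {
    [ "$1" = ppp0 ] || return 0
    [ -r "$OLD_IP_FILE" ] || return 0
    old_ip=$(cat "$OLD_IP_FILE")
    [ "$old_ip" = "$4" ] && return 0        # address unchanged, nothing stale
    conntrack -D --reply-dst "$old_ip" 2>/dev/null || true
}

# Constructed sample: two UDP (SIP) entries and one TCP entry masqueraded to
# 203.0.113.5, and one UDP entry already masqueraded to the new 203.0.113.9.
SAMPLE='udp      17 25 src=192.168.1.10 dst=198.51.100.7 sport=5060 dport=5060 src=198.51.100.7 dst=203.0.113.5 sport=5060 dport=5060 mark=0 use=1
udp      17 170 src=192.168.1.10 dst=198.51.100.7 sport=5060 dport=5060 src=198.51.100.7 dst=203.0.113.9 sport=5060 dport=5060 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=198.51.100.8 sport=40000 dport=443 src=198.51.100.8 dst=203.0.113.5 sport=443 dport=40000 [ASSURED] mark=0 use=1'
```

Calling `printf '%s\n' "$SAMPLE" | count_stale 203.0.113.5` shows the two entries a flush on ip-up would remove, which is the same set `conntrack -D --reply-dst 203.0.113.5` deletes on a live router.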