nat and conntrack
Mon, 20 Nov 2000 12:34:32 -0800
What is the best way to destroy a tracked connection besides waiting for
it to time out?
I have a linux (2.4.0-test10) router which uses SNAT for PCs behind the
router. These PCs change frequently and always have different IP address
assignments that I have no control over. A problem occurs when a new PC
sends a DNS packet through the gateway before the SNAT rule is added. In
this case a new tracked connection is established and subsequent DNS
packets use that connection even after a new SNAT rule is added. Only
after the tracked connection times out is the SNAT rule followed.
My first thought is to destroy all related connections after a new SNAT
rule is added.
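To illustrate the ordering problem described above, here is a deliberately simplified model (added example, not Linux kernel or netfilter code, and not part of the original post): the NAT table is consulted only when a connection is first tracked, so an entry created before the SNAT rule existed keeps its untranslated mapping until it is removed. The addresses, ports and the Router class are constructed for the example.

```python
# Simplified model of conntrack + SNAT ordering (added example, not kernel code).
# Flow tuple is (proto, src, sport, dst, dport); all values below are constructed.
from dataclasses import dataclass, field


@dataclass
class Router:
    snat_rules: dict = field(default_factory=dict)  # client src ip -> public src ip
    conntrack: dict = field(default_factory=dict)   # original tuple -> translated tuple

    def add_snat_rule(self, client_ip, public_ip):
        self.snat_rules[client_ip] = public_ip

    def forward(self, pkt):
        """Return the flow tuple as it leaves the router."""
        # Existing entry: reuse its stored translation; the NAT table is not
        # consulted again, which is exactly why a late SNAT rule is ignored.
        if pkt in self.conntrack:
            return self.conntrack[pkt]
        # NEW connection: consult the NAT table once and remember the decision.
        proto, src, sport, dst, dport = pkt
        out = (proto, self.snat_rules.get(src, src), sport, dst, dport)
        self.conntrack[pkt] = out
        return out

    def flush_entries_from(self, client_ip):
        """Remove tracked entries whose original source is client_ip.
        Models destroying the stale entries after a rule is added."""
        doomed = [t for t in self.conntrack if t[1] == client_ip]
        for t in doomed:
            del self.conntrack[t]
        return len(doomed)


def scenario():
    """Replay the situation from the post: DNS seen before the SNAT rule."""
    r = Router()
    # A resolver that keeps reusing the same UDP socket produces the same
    # tuple for every query, so one stale entry covers all later lookups.
    dns = ("udp", "192.168.1.50", 5353, "10.0.0.1", 53)
    before = r.forward(dns)                   # no rule yet: source left as-is
    r.add_snat_rule("192.168.1.50", "203.0.113.7")
    stale = r.forward(dns)                    # entry reused: still untranslated
    r.flush_entries_from("192.168.1.50")      # destroy the tracked connection
    after = r.forward(dns)                    # new entry: SNAT rule now applied
    return before[1], stale[1], after[1]
```

Running `scenario()` returns the source address seen before the rule, while the stale entry persists, and after the entry is flushed, showing why removing the entry (rather than waiting for its timeout) makes the new rule take effect.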