Hi all,
i hope i'm not totally wrong on this list.
I setup a NAT router with the help of adsl-setup and shorewall. I've got a ppp link to the net and shorewall created the iptables. after a reconnect of the ppp link i get a new ip-address, but as long as the existing kernel udp mappings| which were create by outgoing udp traffic| don't get timed out, the router sends out udp packets belonging to this mapping still contain the previous public ip-address.
i can see this in /proc/net/ip_conntrack and ethereal:
udp 17 178 src=192.168.0.160 dst=217.10.79.9 sport=5060 dport=5060 src=217.10.79.9 dst=80.135.x.y sport=5060 dport=5060 [ASSURED] use=1
but 80.135.x.y was my ipaddress some hours ago. if i stop sending udp packets for about 5 minutes, the mapping is gone and replaced by a mapping containing the correct public ip address.
ethereal shows, that the source address of the outgoing udp packets is the old address, so i'm spoofing my ip address.
the kernel should notice that the ipaddress belonging to the mapping changed and remove the mapping, shouldn't it?
Any suggestions on how to solve this problem?
Thanks,
joe
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
