Hi, Here is a problem which I used to have with MASQUERADE, When the machine boots - naturally there are some connections which begin to flow as soon as the first ppp interface comes up... Some of these connections remain open for days - for example - openvpn and iax2 trunks... Since ppp0 always come up first, then these connections begin to flow via ppp0 and with the MASQ IP of ppp0... Later, when the mangle-rules kick-in, these connections are being router via ppp4 (which is what I want)... So far no problem.. The only problem is that these packets now exit via ppp4 but they continue to keep the source IP of ppp0 Ok, I tried to use the userspace conntrack-tool to search and remove these entries, but this tool doesn't allow me to do something like this $> conntrack -L conntrack -d IP ...without asking me the complete tuple-information. I can't delete every entry with a specific IP either without providing a complete tuple. Maybe we could add a parameter to the target masquerade, which could add a flag in the conntrack that would mean "don't use the conntrack entry, we want to go through the MASQUERADING code again". What you guys think it should be wise to do ? thank you Nick -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html