On Thu, Nov 08, 2012 at 06:37:24PM +0000, Chris Wilson wrote:
[...]
> >>Another option which doesn't violate layering might be to update
> >>the NAT rule when the outgoing address is known (after routing),
> >
> >That is what MASQUERADE is usually for.
>
> Unfortunately I am using MASQUERADE and this still happens. If it
> could just be fixed in the MASQUERADE target that would be a big
> win.

MASQUERADE already cleans up the entries in the conntrack table once
you get your device down; that code is still there in 2.6.18:

http://lxr.linux.no/#linux+v2.6.18/net/ipv4/netfilter/ipt_MASQUERADE.c#L111
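As an added illustration that is not part of this thread or of the kernel code the reply links to: a Python check a router operator can run over a copy of /proc/net/nf_conntrack to find NAT mappings that still point at a previous WAN address, the situation the quoted message describes. The sample table, the LAN prefix and the addresses below are constructed. With MASQUERADE the kernel flushes such entries itself when the interface goes down, as the reply says; this script lists what would otherwise linger and builds the conntrack(8) deletions that remove them.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample of /proc/net/nf_conntrack output (not taken from the
# thread).  The WAN interface was renumbered from 203.0.113.5 to
# 203.0.113.77; the first two flows still carry NAT mappings for the old
# address, the third already uses the new one, the last one is not NATed.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.20 sport=54321 dport=443 src=198.51.100.20 dst=203.0.113.5 sport=443 dport=54321 [ASSURED] mark=0 use=1
ipv4     2 udp      17 29 src=192.168.1.11 dst=198.51.100.53 sport=40001 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=40001 mark=0 use=1
ipv4     2 tcp      6 431998 ESTABLISHED src=192.168.1.12 dst=198.51.100.20 sport=50000 dport=80 src=198.51.100.20 dst=203.0.113.77 sport=80 dport=50000 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 120 TIME_WAIT src=10.0.0.5 dst=10.0.0.9 sport=33000 dport=22 src=10.0.0.9 dst=10.0.0.5 sport=22 dport=33000 [ASSURED] mark=0 use=1
"""

ADDR_RE = re.compile(r"\b(?:src|dst)=(\S+)")
PORT_RE = re.compile(r"\bsport=(\d+) dport=(\d+)")
PROTO_RE = re.compile(r"\b(tcp|udp|udplite|icmp|icmpv6|sctp|dccp|gre|unknown)\s+\d+\b")


def parse_conntrack(text):
    """Parse nf_conntrack/ip_conntrack lines into dicts.

    The first src=/dst= pair is the original direction and the second pair the
    reply direction; for a SNAT or MASQUERADE flow the reply-direction dst is
    the address the outside world sees as our source.
    """
    flows = []
    for line in text.splitlines():
        addrs = ADDR_RE.findall(line)
        if len(addrs) < 4:
            continue  # not a full conntrack tuple line, skip it
        proto = PROTO_RE.search(line)
        ports = PORT_RE.search(line)  # first match is the original direction
        flows.append({
            "proto": proto.group(1) if proto else "unknown",
            "orig_src": ip_address(addrs[0]),
            "orig_dst": ip_address(addrs[1]),
            "reply_src": ip_address(addrs[2]),
            "reply_dst": ip_address(addrs[3]),
            "sport": ports.group(1) if ports else None,
            "dport": ports.group(2) if ports else None,
        })
    return flows


def stale_nat_flows(flows, lan_prefix, wan_addr):
    """LAN flows whose NAT mapping points at an address other than the current
    WAN address.  Such entries outlive an address change unless the conntrack
    table is cleaned; the MASQUERADE target does that when the interface goes
    down, a static SNAT rule does not."""
    lan = ip_network(lan_prefix)
    current = ip_address(wan_addr)
    stale = []
    for f in flows:
        is_natted = f["reply_dst"] != f["orig_src"]  # reply comes back to a translated address
        if f["orig_src"] in lan and is_natted and f["reply_dst"] != current:
            stale.append(f)
    return stale


def conntrack_delete_commands(stale):
    """conntrack(8) invocations that would remove the stale entries by their
    original-direction tuple."""
    cmds = []
    for f in stale:
        cmd = f"conntrack -D -p {f['proto']} -s {f['orig_src']} -d {f['orig_dst']}"
        if f["sport"] is not None:
            cmd += f" --sport {f['sport']} --dport {f['dport']}"
        cmds.append(cmd)
    return cmds


if __name__ == "__main__":
    flows = parse_conntrack(SAMPLE_CONNTRACK)
    stale = stale_nat_flows(flows, "192.168.1.0/24", "203.0.113.77")
    print(f"{len(stale)} of {len(flows)} entries still map to an old WAN address")
    for cmd in conntrack_delete_commands(stale):
        print(cmd)
```

On a live router, feed the contents of /proc/net/nf_conntrack (or the output of `conntrack -L`) to parse_conntrack in place of the constructed sample; the LAN prefix and current WAN address are the only site-specific inputs.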