On Thu, 2005-01-13 at 15:10, Marcin Giedz wrote: > >I think you need to get rid of the /proc/net/ip_conntrack > >entry but there is no mechanism to do this. > > > > > So how this is removed from ip_conntrack after some period of time?. As > I said before, on a next day all GRE packets are transimited through > router, thence it seems that there is some "TTL" on "these" packets. There is some kind of timeout on the conntrack entries and I assume each protocol (tcp/udp/icmp/gre) has its own value. In my case it never does work because the source never stops sending and even though it is doing the wrong thing applying the NAT it keeps the timeout from expiring. -- Les Mikesell les@xxxxxxxxxxxxxxxx
