Thanks - it seems as if it did the trick! Connections are set up properly and marked as CLOSE afterwards, and cleaned out properly. Great!
Thanks for your note on this... looks like a netfilter bug to me. Did you have any problems running 2.6.9? I am looking at the diffs and it looks like there are a number of changes to the ip_conntrack code in 2.6.10. When reading though the changelog for 2.6.11-rc5 it doesn't appear that any of these issues are resolved, so I may have to go back to 2.6.9 if it is known to work.
Could you try whether or not the following patch fixes your problem?
https://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017908.html
Thank you very much, Michael
