Hi all,

I have a NAT box connecting my LAN to the internet via two PPPoEs. I want to be able to route LAN hosts through ppp0 or ppp1 independently. I managed iproute2 and iptables rules to make the thing work (almost...).

The problem is that if I reroute hosts on the fly (and I really need to), conntrack keeps the entry and sends out packets on the correct interface but with the wrong SNAT (the previous one), with the response coming back on the other ppp (weird)! If I wait for the conntrack entry to time out, then everything is OK... but I need an instant, complete switch!

I tried the hping2 hack, and it's OK for TCP... but I also need to drop UDP entries (such as DNS queries...), so I need a way to _selectively_ delete conntrack entries! I searched the net but found nothing apart from some very old similar posts...

Thank you very much,
Massimiliano Galanti
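One way to approach the selective deletion asked about above, as an added example that is not part of the original post: filter a `conntrack -L` style listing for one LAN host's TCP/UDP entries whose reply destination (the SNAT address) is not the uplink address the host should now use, and print the matching `conntrack -D` commands for review. It assumes the `conntrack` utility from conntrack-tools is available; the function names and all addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `conntrack -L` format: 203.0.113.5 stands for the old
# uplink address (ppp0), 198.51.100.20 for the new one (ppp1).
sample_table() {
    cat <<'EOF'
udp      17 25 src=192.168.1.10 dst=192.0.2.53 sport=40000 dport=53 [UNREPLIED] src=192.0.2.53 dst=203.0.113.5 sport=53 dport=40000 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.0.2.80 sport=50000 dport=80 src=192.0.2.80 dst=203.0.113.5 sport=80 dport=50000 [ASSURED] mark=0 use=1
udp      17 28 src=192.168.1.10 dst=192.0.2.53 sport=40001 dport=53 src=192.0.2.53 dst=198.51.100.20 sport=53 dport=40001 mark=0 use=1
udp      17 12 src=192.168.1.11 dst=192.0.2.53 sport=41000 dport=53 src=192.0.2.53 dst=203.0.113.5 sport=53 dport=41000 mark=0 use=1
EOF
}

# stale_entries HOST CURRENT_SNAT
# Reads the listing on stdin and prints "proto sport dst dport old_snat" for each
# TCP/UDP entry whose original source is HOST but whose reply destination
# (the address the flow was SNATed to) differs from CURRENT_SNAT.
stale_entries() {
    awk -v host="$1" -v snat="$2" '
    $1 == "tcp" || $1 == "udp" {
        ns = 0; nd = 0; np = 0; nq = 0
        osrc = ""; odst = ""; osport = ""; odport = ""; rdst = ""
        for (i = 2; i <= NF; i++) {
            # First src/dst/sport/dport belong to the original direction,
            # the second dst= is the reply destination.
            if ($i ~ /^src=/)        { if (++ns == 1) osrc = substr($i, 5) }
            else if ($i ~ /^dst=/)   { nd++
                                       if (nd == 1) odst = substr($i, 5)
                                       else if (nd == 2) rdst = substr($i, 5) }
            else if ($i ~ /^sport=/) { if (++np == 1) osport = substr($i, 7) }
            else if ($i ~ /^dport=/) { if (++nq == 1) odport = substr($i, 7) }
        }
        if (osrc == host && rdst != "" && rdst != snat)
            print $1, osport, odst, odport, rdst
    }'
}

# delete_commands HOST CURRENT_SNAT
# Prints (does not run) one conntrack -D command per stale entry.
delete_commands() {
    stale_entries "$1" "$2" | while read -r proto sport dst dport old; do
        echo "conntrack -D -p $proto -s $1 -d $dst --sport $sport --dport $dport --reply-dst $old"
    done
}

# Host 192.168.1.10 has just been moved to the uplink with address 198.51.100.20.
sample_table | delete_commands 192.168.1.10 198.51.100.20
```

On a live box the listing would come from `conntrack -L` run as root instead of `sample_table`, and the printed commands would be executed after review.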