Hello :)

I have a problem with a Gentoo box that I'm using as a firewall at home (vanilla kernel 2.6.11.11, iptables 1.3.2, dhclient 3.0.1). I have an ADSL connection with a DHCP-assigned dynamic IP address, so I use "-j masquerade $WAN_IF" to NAT all traffic destined for the Internet. My ISP (Telia, Sweden) uses a DHCP lease time of 10 minutes, leading to constant renewal of the lease.

If I use "-j masquerade" instead of "-j snat" I cannot have any long-lived connections (they all die with "new not syn" or "invalid"). With "-j snat" there aren't any problems (except that this is a little hard to use with a dynamic IP...).

What is supposed to happen to the masquerade NAT entries when a DHCP renewal happens, particularly one that doesn't actually change the IP address to a new one?

Thanks,
Henning