Well, in fact there is a TCP keep-alive, and setting KeepAlive to false would resolve the problem. However, I think that's because the browser, when the TCP connection is closed, uses a new source port to open the next TCP connection (at least Firefox uses port+1). That way it does not go through the same DNAT connection, goes into the nat table again, and is routed to the internet. But there is no reason for the browser not to use the same source for the next connection (I don't know at all how Opera, IE, etc. would behave). But I admit I did not test opening a new connection using the same source port.

I'll try using REDIRECT (my HTTP server is on localhost). I hope it does not need to keep a context as DNAT does, but I'm afraid it's the case.