After investigating I found out that the NAT connection is probably monitoring the underlying TCP connection, so setting the Keepalive to 0 should do the trick. However, I think the same problem occurs when a client goes from authorized to unauthorized state. Wouldn't the currently active TCP connections pass through their NAT connection as long as they are not closed (from a TCP point of view)?

-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
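The question above is about what happens to connections that were already open when a client is deauthorized. The following is an added example, not code from the poster or from the netfilter project. It assumes a common gateway setup: an iptables/nftables ruleset that accepts packets in conntrack state ESTABLISHED,RELATED before the per-client authorization rules are consulted, so removing a client's accept rule only stops new connections, while flows already in the conntrack table keep passing until their entry times out (a TCP entry in ESTABLISHED survives nf_conntrack_tcp_timeout_established, 5 days by default, with no traffic at all). The code parses lines in the format of /proc/net/nf_conntrack, lists the flows a given client originated, and builds the conntrack-tools invocations (`conntrack -D` with the original-tuple selectors) that remove those entries at deauthorization time. The conntrack lines, addresses and the client IP are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in /proc/net/nf_conntrack format. 192.168.1.0/24 is the
# client LAN, 198.51.100.1 the gateway's SNAT address, 203.0.113.x remote hosts.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=443 src=203.0.113.5 dst=198.51.100.1 sport=443 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 117 TIME_WAIT src=192.168.1.11 dst=203.0.113.9 sport=40000 dport=80 src=203.0.113.9 dst=198.51.100.1 sport=80 dport=40000 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.168.1.10 dst=192.168.1.1 sport=5353 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=5353 mark=0 zone=0 use=2
ipv4     2 tcp      6 431998 ESTABLISHED src=192.168.1.12 dst=203.0.113.5 sport=51235 dport=22 src=203.0.113.5 dst=198.51.100.1 sport=22 dport=51235 [ASSURED] mark=0 zone=0 use=2
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Flow:
    proto: str        # l4 protocol name as printed by the kernel
    state: str        # TCP state, or "" for stateless protocols such as udp
    timeout: int      # seconds until the kernel drops the entry if no packet arrives
    orig_src: str     # original tuple: the client's own address (pre-NAT)
    orig_dst: str
    orig_sport: int
    orig_dport: int
    reply_src: str    # reply tuple: what the remote side sees
    reply_dst: str


def parse_conntrack(text):
    """Parse /proc/net/nf_conntrack style lines into Flow records."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        proto = fields[2]
        timeout = int(fields[4])
        # TCP (and SCTP) lines carry a state word before the first key=value pair.
        state = fields[5] if "=" not in fields[5] else ""
        seen = {}
        for key, val in KV_RE.findall(line):
            seen.setdefault(key, []).append(val)
        # src/dst/sport/dport appear twice: original tuple first, then reply tuple.
        flows.append(Flow(
            proto=proto, state=state, timeout=timeout,
            orig_src=seen["src"][0], orig_dst=seen["dst"][0],
            orig_sport=int(seen["sport"][0]), orig_dport=int(seen["dport"][0]),
            reply_src=seen["src"][1], reply_dst=seen["dst"][1],
        ))
    return flows


def flows_for_client(text, client_ip):
    """Flows the client originated. Match the ORIGINAL source: after SNAT the
    reply tuple only shows the gateway address, never the client's."""
    return [f for f in parse_conntrack(text) if f.orig_src == client_ip]


def seconds_until_forgotten(text, client_ip):
    """Longest a deauthorized client's traffic could keep flowing through an
    ESTABLISHED-accept rule if nothing deletes its conntrack entries."""
    return max((f.timeout for f in flows_for_client(text, client_ip)), default=0)


def deauth_commands(text, client_ip):
    """conntrack-tools invocations, one per flow, that remove the client's entries.
    Selectors used are the documented original-tuple options of conntrack(8)."""
    return [
        f"conntrack -D -p {f.proto} -s {f.orig_src} --sport {f.orig_sport} "
        f"-d {f.orig_dst} --dport {f.orig_dport}"
        for f in flows_for_client(text, client_ip)
    ]


if __name__ == "__main__":
    client = "192.168.1.10"  # constructed: the client being deauthorized
    for flow in flows_for_client(SAMPLE_CONNTRACK, client):
        print(f"{flow.proto:4} {flow.state or '-':12} ttl={flow.timeout:>7}s "
              f"{flow.orig_src}:{flow.orig_sport} -> {flow.orig_dst}:{flow.orig_dport}")
    print(f"worst case without flushing: {seconds_until_forgotten(SAMPLE_CONNTRACK, client)} s")
    for cmd in deauth_commands(SAMPLE_CONNTRACK, client):
        print(cmd)
```

In practice a single `conntrack -D -s <client_ip>` removes every entry with that original source in one call; the per-flow form above is useful when you want to log exactly which flows were cut, or to leave one of them (say, the portal session itself) alone. Deleting the entry makes the next packet of that flow a mid-stream TCP segment with no state, which the INVALID/NEW handling of the ruleset then drops instead of accepting as ESTABLISHED.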