Dhyanesh Ramaiya wrote:
> I have set up a Linux firewall on the edge of the network and am doing SNAT for
> internal IPs. When I sniff on the external interface for internal source IPs, I
> am seeing FIN packets from internal IPs going out without being NAT-ed.

These packets are probably classified in the INVALID state by the connection tracking. Such packets are ignored by the NAT. A reason may be that they belong to old connections the connection tracking has forgotten about or considers already closed.

Does your ruleset DROP outgoing packets in the INVALID state?

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
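The situation the reply describes, as an added example that is not part of the original thread or of any netfilter project code: a weak ruleset that SNATs LAN traffic but lets conntrack-INVALID packets through FORWARD (so a late FIN for a flow conntrack has already dropped leaves the external interface with its private source address), beside the corrected ruleset that drops INVALID before anything is accepted, plus a static check and the commands to confirm the leak is gone. The interface names, the LAN prefix and the public address are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumed topology:
#   eth0 = external interface carrying the public address 203.0.113.10
#   eth1 = internal interface, LAN 192.168.1.0/24
# All names and addresses below are assumptions for illustration.
EXT_IF=eth0
INT_IF=eth1
LAN=192.168.1.0/24
PUBLIC_IP=203.0.113.10

# Weak ruleset: SNAT in POSTROUTING, but FORWARD accepts everything from the
# LAN regardless of conntrack state. A late FIN/RST belonging to a flow that
# conntrack has forgotten or already considers closed is classified INVALID;
# the nat table is only consulted for the first packet of a tracked connection
# and there is no mapping for an untracked packet, so the FIN leaves eth0 with
# its 192.168.1.x source address untranslated.
weak_rules() {
    cat <<EOF
-t filter -P FORWARD DROP
-t filter -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN -j ACCEPT
-t filter -A FORWARD -i $EXT_IF -o $INT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-t nat -A POSTROUTING -o $EXT_IF -s $LAN -j SNAT --to-source $PUBLIC_IP
EOF
}

# Corrected ruleset: drop INVALID first (in FORWARD and, for the firewall's
# own traffic, OUTPUT), then accept NEW from the LAN and ESTABLISHED,RELATED
# in both directions. Every packet that can still reach POSTROUTING now
# belongs to a tracked connection and is translated.
fixed_rules() {
    cat <<EOF
-t filter -P FORWARD DROP
-t filter -A FORWARD -m conntrack --ctstate INVALID -j DROP
-t filter -A OUTPUT -m conntrack --ctstate INVALID -j DROP
-t filter -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-t filter -A FORWARD -i $EXT_IF -o $INT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-t nat -A POSTROUTING -o $EXT_IF -s $LAN -j SNAT --to-source $PUBLIC_IP
EOF
}

# Static check on a ruleset (given as a function name): exit 0 only if a
# "--ctstate INVALID -j DROP" rule in FORWARD precedes the first FORWARD ACCEPT,
# which is the ordering that keeps untracked packets out of the nat path.
drops_invalid_first() {
    "$1" | awk '
        /-A FORWARD/ && /--ctstate INVALID/ && /-j DROP/ { drop = NR }
        /-A FORWARD/ && /-j ACCEPT/ && !accept { accept = NR }
        END { exit !(drop && (!accept || drop < accept)) }'
}

# Load a ruleset into the kernel (needs root and iptables); flushes filter and
# nat first so the ordering above is exactly what ends up installed.
apply_rules() {
    iptables -t filter -F
    iptables -t nat -F
    "$1" | while read -r line; do
        # shellcheck disable=SC2086  # word splitting of the rule is intended
        iptables $line
    done
}

# Verification after applying fixed_rules, run on the firewall:
#   tcpdump -ni "$EXT_IF" "src net $LAN"      # no packets: nothing leaves with a LAN source
#   iptables -t filter -L FORWARD -v -n       # packet counter on the INVALID DROP rule rises
#   conntrack -S                              # per-CPU "invalid=" counters rise with it
if [ "${APPLY_RULES:-0}" = 1 ]; then
    apply_rules fixed_rules
fi
```

Running the script with `APPLY_RULES=1` as root installs the corrected ruleset; without it, the functions are only defined so the rule text and the ordering check can be inspected first. Dropping INVALID also stops the leak from being silent: the counter on the DROP rule shows how many of these stray FINs the firewall is seeing.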