Hi Robert and list,

Actually, the PREROUTING rule isn't matching, and I remember having this problem for about 5 minutes while the VPN clients were still attempting to connect to the firewall. But something strange happened: only one tun VPN reconnected automatically to the new VPN server behind the firewall, but the rest did not connect (about 50 VPN clients).

One question: I don't have that file /proc/sys/net/netfilter/nf_conntrack_udp_timeout*. I don't have a netfilter directory; where is that?

Thanks for the assistance

--
Angel

2010/3/17 Robert Nichols <rnicholsNOSPAM@xxxxxxxxxxx>:
> On 03/17/2010 08:14 PM, Jan Engelhardt wrote:
>>
>> On Thursday 2010-03-18 01:20, Robert Nichols wrote:
>>>
>>> And, I just noticed that the protocol is UDP. The only way a UDP
>>> entry gets removed from conntrack is by timing out, and that can take
>>> up to 3 minutes (see the values in
>>> /proc/sys/net/netfilter/nf_conntrack_udp_timeout*).
>>
>> No, that is not the only way. You can manually remove entries
>> with `conntrack -D ...`.
>
> Yes, I should have said, "... gets removed _automatically_ ...".
>
> --
> Bob Nichols "NOSPAM" is really part of my email address.
> Do NOT delete it.
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
Sincerely,
Angel Motta Paz
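
Added example, not part of the original thread: NAT rules are consulted only for the first packet of a tracked flow, so a UDP entry created before the PREROUTING rule existed keeps delivering a retrying client to the firewall itself until it times out or is removed with `conntrack -D`. The sketch below parses output in the `conntrack -L -p udp` format, picks the flows whose reply tuple still originates from the firewall, and builds one delete command for each. The sample lines, the addresses, port 1194 and the function names are constructed assumptions; the thread gives none of them.

```python
import re

# Constructed sample in the format printed by `conntrack -L -p udp`.
# Documentation addresses; port 1194 is an assumption (the thread names none).
SAMPLE = """\
udp      17 172 src=198.51.100.7 dst=203.0.113.1 sport=40112 dport=1194 src=203.0.113.1 dst=198.51.100.7 sport=1194 dport=40112 [ASSURED] mark=0 use=1
udp      17 28 src=198.51.100.9 dst=203.0.113.1 sport=51820 dport=1194 [UNREPLIED] src=203.0.113.1 dst=198.51.100.9 sport=1194 dport=51820 mark=0 use=1
udp      17 175 src=198.51.100.23 dst=203.0.113.1 sport=33001 dport=1194 src=10.0.0.5 dst=198.51.100.23 sport=1194 dport=33001 [ASSURED] mark=0 use=1
udp      17 12 src=10.0.0.8 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=10.0.0.8 sport=53 dport=5353 mark=0 use=1
"""

# Values are restricted to address/port characters so they are safe to paste.
KV = re.compile(r"\b(src|dst|sport|dport)=([0-9A-Fa-f.:]+)")

def parse_entry(line):
    """Return (original, reply) tuple dicts for one UDP entry, else None."""
    fields = line.split()
    if len(fields) < 3 or fields[0] != "udp":
        return None
    pairs = KV.findall(line)
    if len(pairs) < 8:
        return None
    return dict(pairs[:4]), dict(pairs[4:8])

def stale_entries(text, fw_ip, vpn_port):
    """Flows to fw_ip:vpn_port whose reply source is still fw_ip itself,
    i.e. entries that were never DNATed to the server behind the firewall."""
    stale = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        orig, reply = parsed
        if (orig["dst"], orig["dport"], reply["src"]) == (fw_ip, str(vpn_port), fw_ip):
            stale.append(orig)
    return stale

def delete_commands(entries):
    """Build one `conntrack -D` command per stale original-direction tuple."""
    template = ("conntrack -D -p udp --orig-src {src} --orig-dst {dst} "
                "--sport {sport} --dport {dport}")
    return [template.format(**entry) for entry in entries]

if __name__ == "__main__":
    for cmd in delete_commands(stale_entries(SAMPLE, "203.0.113.1", 1194)):
        print(cmd)
```

The third sample entry is left alone because its reply source is already the internal server, which is what a flow created after the DNAT rule looks like.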