On Monday 2011-07-18 13:54, Autocad Learner wrote:

>Hi Jan,
>
>Thanks for your quick reply.
>
>Unfortunately we cannot upgrade our kernels.
>
>I would like to know if there is any clean workaround to deal with this
>issue.

You could clear the CT table on ppp-down... but that, too, is only
available in newer kernel versions. [In other words, running old
systems just works to your _complete_ disadvantage.]

>We do not want to do an iptables restart or server restart to take this
>effect. Also I saw in one of the posts I can set the ip_conntrack_udp_timeout
>and ip_conntrack_udp_timeout_stream to 0 and revert back after 10 seconds.
>Since I am a newbie, I am not sure whether this would affect any other
>application. Is it the best way to deal with this issue?
>
>To understand this problem:-
>
>The ip_dynaddr says it would update the IP address when the packet is
>retransmitted before we get any incoming packets from the destination.

I only glanced over it, but it seems ip_dynaddr is merely to cater for
address changes in the TCP SYN retry cycle during dial-on-demand.