Hi Jan,

Thanks again for your reply.

I understand that I cannot do much with the current kernel. But I have to live with it for the moment.

If possible, can you please let me know the implications of setting the ip_conntrack_udp_timeout to 0 if we use.

I have also realised it is not a sure shot workaround for this issue. I have increased the sleep interval to 45 seconds and the source IP gets changed 80% of the time.

Thanks a lot.

----- Original Message -----
From: Jan Engelhardt <jengelh@xxxxxxxxxx>
To: Autocad Learner <learn.autocad@xxxxxxxxx>
Cc: "netfilter@xxxxxxxxxxxxxxx" <netfilter@xxxxxxxxxxxxxxx>
Sent: Monday, July 18, 2011 1:15 PM
Subject: Re: [MASQUERADE] Not changing to new source ip address when dynamically assigned in ppp link

On Monday 2011-07-18 13:54, Autocad Learner wrote:

>Hi Jan,
>
>Thanks for your quick reply.
>
>Unfortunately we cannot upgrade our kernels.
>
>I would like to know if there is any clean workaround to deal with this
>issue.

You could clear the CT table on ppp-down... but that, too, is only
available in newer kernel versions. [In other words, running old systems
just works to your _complete_ disadvantage.]

>We do not want to do an iptables restart or server restart to take this
>effect. Also I saw in one of the posts I can set the ip_conntrack_udp_timeout
>and ip_conntrack_udp_timeout_stream to 0 and revert back after 10 seconds.
>Since I am a newbie, I am not sure whether this would affect any other
>application. Is it the best way to deal with this issue?
>
>To understand this problem:-
>
>The ip_dynaddr says it would update the ip address when the packet is
>retransmitted before we get any incoming packets from the destination.

I only glanced over it, but it seems ip_dynaddr is merely to cater for
address changes in the TCP SYN retry cycle during dial-on-demand.