
Re: Re: How to kill DNAT'ed connection



On Thu, 01/06/2006 at 08:57 +0200, marco.celeri wrote:
> Hi,
>  can you remove the ESTABLISHED/RELATED rules for the disconnected client?

What do you mean?

The only related rules were in PREROUTING in nat, doing DNAT. On
disconnect of the client's authorizing software the rules are deleted and
new connections can't be established (that's correct), but connections
that were established before are still operating (that's wrong).

> Bye,
>  Marco
> 
> > Hi again,
> > 
> > Another problem. I have set up firewall rules to have my router DNAT
> > some destination IPs and Ports to another. There are also some scripts
> > used when the client is authorized (connected with authorization
> > software) and disconnected to bring up forwarding (routing for its IP)
> > and some DNATs for internal servers.
> > 
> > When the client disconnects, the rules are deleted and new connections
> > are being rejected. But the problem is that existing DNAT'ed connections
> > continue to operate.
> > 
> > That has raised a question: How to kill DNAT'ed connection?
> > 
> > ...or are there any other suggestions/techniques?
> > 
> > -- 
> > Pokotilenko Kostik <casper@meteor.dp.ua>
> > 
-- 
Покотиленко Костик <casper@meteor.dp.ua>
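
Added example, not part of the original thread: the nat table is consulted only for the first packet of a connection, so deleting the PREROUTING rule leaves the translation stored in the existing conntrack entry. The sketch below picks out the entries a given client opened through DNAT and prints the delete command for each; it assumes the conntrack tool from conntrack-tools is installed, and the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the conntrack entries a disconnected client still holds
# through DNAT and print the conntrack(8) command that would delete each one.

# Constructed sample in `conntrack -L` format (addresses are documentation values).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=10.0.0.23 dst=192.0.2.10 sport=40112 dport=80 src=10.0.1.5 dst=10.0.0.23 sport=8080 dport=40112 [ASSURED] mark=0 use=1
tcp      6 431200 ESTABLISHED src=10.0.0.23 dst=198.51.100.7 sport=40200 dport=443 src=198.51.100.7 dst=10.0.0.23 sport=443 dport=40200 [ASSURED] mark=0 use=1
tcp      6 431800 ESTABLISHED src=10.0.0.99 dst=192.0.2.10 sport=51000 dport=80 src=10.0.1.5 dst=10.0.0.99 sport=8080 dport=51000 [ASSURED] mark=0 use=1
udp      17 25 src=10.0.0.23 dst=192.0.2.10 sport=5353 dport=53 [UNREPLIED] src=10.0.1.6 dst=10.0.0.23 sport=53 dport=5353 mark=0 use=1
icmp     1 29 src=10.0.0.23 dst=192.0.2.10 type=8 code=0 id=77 src=192.0.2.10 dst=10.0.0.23 type=0 code=0 id=77 mark=0 use=1
EOF
}

# dnat_kill_cmds CLIENT_IP  (conntrack listing on stdin, commands on stdout)
dnat_kill_cmds() {
    awk -v client="$1" '
    {
        ns = nd = nsp = ndp = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src")   src[++ns]  = kv[2]
            if (kv[1] == "dst")   dst[++nd]  = kv[2]
            if (kv[1] == "sport") sp[++nsp]  = kv[2]
            if (kv[1] == "dport") dp[++ndp]  = kv[2]
        }
        if (ns < 2 || nsp < 2) next        # need both tuples with ports (skips ICMP)
        if (src[1] != client) next         # flow was not opened by this client
        # Untranslated flow: the reply comes from the address/port originally dialled.
        if (dst[1] == src[2] && dp[1] == sp[2]) next
        printf "conntrack -D -p %s -s %s -d %s --sport %s --dport %s\n",
               $1, src[1], dst[1], sp[1], dp[1]
    }'
}

# Dry run on the sample; on the router: conntrack -L | dnat_kill_cmds "$CLIENT_IP" | sh
sample_conntrack | dnat_kill_cmds 10.0.0.23
```

Called from the disconnect script after the DNAT rules are removed, this drops only the translated flows of that client and leaves its untranslated connections and other clients' entries alone.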


