Hi,

There seems to be something weird in 2.4 compared to 2.2. The masquerading in 2.4 can apparently transform a router into an automatic traffic generator in some cases.

Here is the logical network configuration I have, a simple masqueraded network :

    I----F----E

I (bepc.paralline.i) : internal computer using masquerading (standard linux 2.2.16)
F (external IP : maxwell.paralline.com, internal IP 192.168.2.1) : firewall doing the masquerading (2.4.0test8, PII/350 128MB, uptime 30 days)
E : external network (cable modem)

For switching from 2.2 to 2.4, I compiled the ipchains module and used the emulation method. Here are the firewall masquerading rules this problem appeared with :

    ipchains -P forward DENY
    ipchains -A forward -s 192.168.2.0/24 -j MASQ

Exactly the same as what I used for 2.2 kernels...

And here is a crazy log from tcpdump executed on the external interface of the firewall :

20:42:55.594209 maxwell.paralline.com.61642 > www.geologie.ens.fr.http: . ack 1 win 31856 <nop,nop,timestamp 36419278 22758571> (DF)
20:42:55.594877 www.geologie.ens.fr.http > bepc.paralline.i.4198: . ack 1 win 8760 <nop,nop,timestamp 22759037 36387023> (DF)
20:42:55.595405 maxwell.paralline.com.61642 > www.geologie.ens.fr.http: . ack 1 win 31856 <nop,nop,timestamp 36419278 22758571> (DF)
20:42:55.595879 www.geologie.ens.fr.http > bepc.paralline.i.4198: . ack 1 win 8760 <nop,nop,timestamp 22759037 36387023> (DF)
20:42:55.596212 maxwell.paralline.com.61642 > www.geologie.ens.fr.http: . ack 1 win 31856 <nop,nop,timestamp 36419278 22758571> (DF)
20:42:55.596729 www.geologie.ens.fr.http > bepc.paralline.i.4198: . ack 1 win 8760 <nop,nop,timestamp 22759037 36387023> (DF)
20:42:55.597403 maxwell.paralline.com.61642 > www.geologie.ens.fr.http: . ack 1 win 31856 <nop,nop,timestamp 36419278 22758571> (DF)
20:42:55.604912 www.geologie.ens.fr.http > bepc.paralline.i.4198: . ack 1 win 8760 <nop,nop,timestamp 22759037 36387023> (DF)
20:42:55.605259 maxwell.paralline.com.61642 > www.geologie.ens.fr.http: . ack 1 win 31856 <nop,nop,timestamp 36419279 22758571> (DF)
20:42:55.605495 www.geologie.ens.fr.http > bepc.paralline.i.4198: . ack 1 win 8760 <nop,nop,timestamp 22759037 36387023> (DF)
20:42:55.605806 maxwell.paralline.com.61642 > www.geologie.ens.fr.http: . ack 1 win 31856 <nop,nop,timestamp 36419279 22758571> (DF)
20:42:55.606113 www.geologie.ens.fr.http > bepc.paralline.i.4198: . ack 1 win 8760 <nop,nop,timestamp 22759037 36387023> (DF)
20:42:55.606654 maxwell.paralline.com.61642 > www.geologie.ens.fr.http: . ack 1 win 31856 <nop,nop,timestamp 36419279 22758571> (DF)
20:42:55.612966 www.geologie.ens.fr.http > bepc.paralline.i.4198: . ack 1 win 8760 <nop,nop,timestamp 22759037 36387023> (DF)
20:42:55.613309 maxwell.paralline.com.61642 > www.geologie.ens.fr.http: . ack 1 win 31856 <nop,nop,timestamp 36419280 22758571> (DF)

Stopping the http browser didn't help. If I disconnect the external network ethernet cable for a few seconds and reconnect it, it stops generating traffic.

This problem happens with various web servers being browsed (i.e. : different OS stacks). It did not appear before the 2.4 switch with the same internal computer and kernel.

I checked the list archives and found nothing related to that kind of problem. I don't know this area of the kernel enough to track down the bug, but I will give all the help I can. I can add test code to the firewall, patch/recompile a kernel and provide new logs if needed.

Hope it helps,

Pierre BRUA
--
PARALLINE /// Parallelism & Linux ///
71,av. des Vosges     Phone:+33 388 141 740   mailto:[EMAIL PROTECTED]
F-67000 STRASBOURG    Fax:+33 388 141 741     http://www.paralline.com
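
The pattern in the capture above (the same dataless ACK repeated on a flow at sub-millisecond spacing) can be picked out of a tcpdump text log mechanically. The following is an added example, not part of the original message or of any kernel tooling; the sample lines, hostnames, function names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed capture in the old tcpdump text format quoted in the report
# (hostnames and values are made up): two flows repeat dataless ACKs at
# sub-millisecond spacing, one unrelated ACK appears only once.
SAMPLE = """\
20:42:55.594209 fw.example.net.61642 > www.example.org.http: . ack 1 win 31856 <nop,nop,timestamp 100 200> (DF)
20:42:55.594877 www.example.org.http > host.internal.4198: . ack 1 win 8760 <nop,nop,timestamp 201 90> (DF)
20:42:55.595405 fw.example.net.61642 > www.example.org.http: . ack 1 win 31856 <nop,nop,timestamp 100 200> (DF)
20:42:55.595879 www.example.org.http > host.internal.4198: . ack 1 win 8760 <nop,nop,timestamp 201 90> (DF)
20:42:55.596212 fw.example.net.61642 > www.example.org.http: . ack 1 win 31856 <nop,nop,timestamp 101 200> (DF)
20:42:55.596729 www.example.org.http > host.internal.4198: . ack 1 win 8760 <nop,nop,timestamp 201 90> (DF)
20:42:57.100000 mail.example.org.smtp > fw.example.net.61700: . ack 25 win 8760 (DF)
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) (\S+) > (\S+): (.*)$")
PURE_ACK = re.compile(r"^\. ack (\d+) win (\d+)")  # "." = no flags, no payload

def parse(line):
    """Return (seconds, src, dst, (ack, win)) for a dataless ACK, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    hh, mm, ss, src, dst, rest = m.groups()
    ack = PURE_ACK.match(rest)
    if not ack:
        return None
    return int(hh) * 3600 + int(mm) * 60 + float(ss), src, dst, ack.groups()

def find_ack_storms(text, min_repeats=3, max_gap=0.05):
    """Map (src, dst) -> longest burst of identical dataless ACKs, if >= min_repeats."""
    last = {}                  # (src, dst, ack, win) -> (last time, current run)
    best = defaultdict(int)    # (src, dst) -> longest run seen
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        t, src, dst, fields = rec
        # TCP timestamp options are left out of the key on purpose: in the
        # report TSval ticks while ack and win stay frozen.
        key = (src, dst) + fields
        prev_t, run = last.get(key, (None, 0))
        run = run + 1 if prev_t is not None and 0 <= t - prev_t <= max_gap else 1
        last[key] = (t, run)
        best[(src, dst)] = max(best[(src, dst)], run)
    return {flow: n for flow, n in best.items() if n >= min_repeats}
```

On a live capture, `min_repeats` and `max_gap` need tuning, since a few duplicate ACKs in a row are normal TCP loss-recovery behaviour.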