Hi Marcelo! Please apply the following trivial fix to your 2.4.x tree. I've already submitted a 2.6.x fix for this to davem.
Thanks! -- - Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
[NETFILTER] Inherit masq_index to slave connections masq_index is used for cleanup in case the interface address changes (such as a dialup ppp link with dynamic addresses). Without this patch, slave connections are not evicted in such a case, since they don't inherit masq_index. Signed-off-by: Harald Welte <[EMAIL PROTECTED]> Index: linux-2.4.31/net/ipv4/netfilter/ip_conntrack_core.c =================================================================== --- linux-2.4.31.orig/net/ipv4/netfilter/ip_conntrack_core.c 2005-04-04 03:42:20.000000000 +0200 +++ linux-2.4.31/net/ipv4/netfilter/ip_conntrack_core.c 2005-07-30 15:59:41.000000000 +0200 @@ -741,6 +741,11 @@ /* Welcome, Mr. Bond. We've been expecting you... */ __set_bit(IPS_EXPECTED_BIT, &conntrack->status); conntrack->master = expected; +#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \ + defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE) + /* this is ugly, but there is no other place where to put it */ + conntrack->nat.masq_index = expected->expectant->nat.masq_index; +#endif expected->sibling = conntrack; LIST_DELETE(&ip_conntrack_expect_list, expected); expected->expectant->expecting--;
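Review bot: The comment on the added assignment ("this is ugly, but there is no other place where to put it") says nothing about what is inherited or why, so a later reader of ip_conntrack_core.c has to go to the commit message to learn that masq_index is copied from the master so that slave connections are also evicted when the interface address changes. I would put that reason in the comment itself. As a style point, the two-line #if on CONFIG_IP_NF_TARGET_MASQUERADE and CONFIG_IP_NF_TARGET_MASQUERADE_MODULE sits in the middle of the core expectation path; a small inline helper that compiles to nothing when masquerading is not configured would keep the NAT-specific conditional out of this function. The dereference of expected->expectant needs no extra check here, since the unchanged context line expected->expectant->expecting-- already relies on it a few lines later.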