Hi I've been monitoring my conntrack table using the very neat (!) tool iptstat. What I noticed is this. When I browse the web behind my Linux NAT box I see all those connections as ESTABLISHED and this is ok. After I shut down the private box (192.168.0.2) though I sometimes still see a connection to some website I've been to. What seems to make no sense is that I see this
192.168.0.2,1134 207.46.226.25,80 tcp ESTABLISHED 59:1:51 when the box 192.168.0.2 is down and has been down for hours. Why would netfilter still see this connection as ESTABLISHED ? Also, why just this one when I've visited many other sites too ? I wouldn't care if it said UNREPLIED cause those will be deleted if the table is full as far as I remember but ESTABLISHED ? RH 7.2 - kernel 2.4.17 patched with psd and TCP-window tracking patch. Thx Alex
