Mailing List Archive

ip_conntrack and interfaces with dynamic ip addresses (ppp)
Hello,

I have a situation where I use a ppp connection to send udp packets
from a specific port to a specific port at a specific destination.
From time to time my ppp connection drops and comes back up with a
new ip address. The entry in /proc/net/ip_conntrack retains the
ip address of the old ppp interface, so any udp packets sent with
the same source port are sent using the old IP address. If I wait
for the entry in /proc/net/ip_conntrack to expire (3 minutes),
then I can send my udp packets using the new IP address. Is there
a way to explicitly delete an entry in the connection tracking table,
or to flush the whole thing? I can compile conntrack as a module
and rmmod/insmod, but that seems inelegant. Is there a better way?
I am using linux 2.4.7 and iptables v1.2.2

Thanks,

-Truxton
Re: ip_conntrack and interfaces with dynamic ip addresses (ppp)
Truxton Fulton wrote:

> Hello,
>
> I have a situation where I use a ppp connection to send udp packets
> from a specific port to a specific port at a specific destination.
> From time to time my ppp connection drops and comes back up with a
> new ip address. The entry in /proc/net/ip_conntrack retains the
> ip address of the old ppp interface, so any udp packets sent with
> the same source port are sent using the old IP address. If I wait
> for the entry in /proc/net/ip_conntrack to expire (3 minutes),
> then I can send my udp packets using the new IP address. Is there
> a way to explicitly delete an entry in the connection tracking table,
> or to flush the whole thing? I can compile conntrack as a module
> and rmmod/insmod, but that seems inelegant. Is there a better way?
> I am using linux 2.4.7 and iptables v1.2.2
>
> Thanks,
>
> -Truxton

Mr. Fulton,

You can apply the ctnetlink patch in p-o-m, then write a program
which, in some fashion, detects interface changes and flushes the
conntrack table of all entries with the old IP. It's a more elegant
solution than using insmod/rmmod.

Brad
Re: ip_conntrack and interfaces with dynamic ip addresses (ppp)
Truxton Fulton wrote:

> Hello,
>
> I have a situation where I use a ppp connection to send udp packets
> from a specific port to a specific port at a specific destination.
> From time to time my ppp connection drops and comes back up with a
> new ip address. The entry in /proc/net/ip_conntrack retains the
> ip address of the old ppp interface, so any udp packets sent with
> the same source port are sent using the old IP address. If I wait
> for the entry in /proc/net/ip_conntrack to expire (3 minutes),
> then I can send my udp packets using the new IP address. Is there
> a way to explicitly delete an entry in the connection tracking table,
> or to flush the whole thing? I can compile conntrack as a module
> and rmmod/insmod, but that seems inelegant. Is there a better way?
> I am using linux 2.4.7 and iptables v1.2.2
>
> Thanks,
>
> -Truxton

Have you tried to set 1 in the file /proc/sys/net/ipv4/ip_dynaddr?


--
Mohamad
Re: ip_conntrack and interfaces with dynamic ip addresses (ppp)
Mohamad SALEH <msaleh@orsys.fr> writes:

> Truxton Fulton wrote:
>
> > Hello,
> >
> > I have a situation where I use a ppp connection to send udp packets
> > from a specific port to a specific port at a specific destination.
> > From time to time my ppp connection drops and comes back up with a
> > new ip address. The entry in /proc/net/ip_conntrack retains the
> > ip address of the old ppp interface, so any udp packets sent with
> > the same source port are sent using the old IP address. If I wait
> > for the entry in /proc/net/ip_conntrack to expire (3 minutes),
> > then I can send my udp packets using the new IP address. Is there
> > a way to explicitly delete an entry in the connection tracking table,
> > or to flush the whole thing? I can compile conntrack as a module
> > and rmmod/insmod, but that seems inelegant. Is there a better way?
> > I am using linux 2.4.7 and iptables v1.2.2
> >
> > Thanks,
> >
> > -Truxton
>
> Have you tried to set 1 in the file /proc/sys/net/ipv4/ip_dynaddr?
>
>
> --
> Mohamad

Yes, I tried 1, and I tried 7, but neither seemed to make a difference.

-Truxton