Thanks. But somehow, this doesn't seem to work the way I expect it to:

- from my local computer (with a 192.168.1.NN address), I ssh into my router and into some remote host.
- on the router I do "echo f > /proc/net/nf_conntrack"
- result: the ssh connection to the router is immediately cut, but the ssh connection to the remote host is unaffected.

I would like (and expected) the exact opposite. What am I missing?

Maybe:- You are missing needed iptables changes to make the "old" forwarded connection (which will conntrack as NEW, but not be of type "syn") (explicitly of protocol TCP) get "-j REJECT --reject-with TCP-RESET" 'ed? That way when the local machine sends another packet about this connection, it immediately gets, as you say, "cut".

--Simon

_______________________________________________
openwrt-users mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
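
The rule the reply above describes, written out as an added example that is not part of the thread, together with a check that reads `iptables -S` output to see whether a chain already carries it. The function names and the sample ruleset are constructed for illustration; it assumes forwarded traffic passes the filter table's FORWARD chain and that `net.netfilter.nf_conntrack_tcp_loose` is 1 (the kernel default), so a flushed connection is picked up again as NEW.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes forwarded traffic passes the
# filter table's FORWARD chain and that net.netfilter.nf_conntrack_tcp_loose
# is 1 (kernel default), so a flushed connection is re-picked up as NEW.

# Match spec for the rule the reply describes: TCP, conntrack state NEW, but
# not a connection-opening SYN; answer with a TCP RST.
midstream_reject_spec() {
    printf '%s\n' '-p tcp ! --syn -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset'
}

# Read `iptables -S` output on stdin; succeed if the chain named in $1 holds
# such a rule. iptables prints `! --syn` back as the --tcp-flags form.
has_midstream_reject() {
    grep -F -- "-A $1 " |
        grep -F -- '! --tcp-flags FIN,SYN,RST,ACK SYN' |
        grep -F -- '--ctstate NEW' |
        grep -qF -- '--reject-with tcp-reset'
}

# Constructed sample of `iptables -S` output, for trying the check offline.
sample_ruleset() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset
-A FORWARD -i br-lan -j ACCEPT
EOF
}

case "${1:-}" in
apply)  # needs root: add the rule if absent, then flush the conntrack table
    iptables -S | has_midstream_reject FORWARD ||
        iptables -I FORWARD 1 $(midstream_reject_spec)
    echo f > /proc/net/nf_conntrack
    ;;
*)      # default: only show what would be inserted
    echo "iptables -I FORWARD 1 $(midstream_reject_spec)"
    ;;
esac
```

Run without arguments it only prints the command; with `apply` (as root) it inserts the rule if missing and then flushes the table as in the original question.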
