Am Freitag, 22. November 2013, 12:58:11 schrieb Tom Eastep: > On 11/22/2013 12:50 PM, Axel Zöllich wrote: > >>> Conntrack Table (1512 out of 65536) > >>> [...] > >>> udp 17 22 src=212.117.77.218 dst=62.155.185.165 sport=1300 > >>> dport=1300 > >>> [UNREPLIED] src=62.155.185.165 dst=80.152.162.192 sport=1300 dport=1024 > >>> mark=0 use=2 > >>> udp 17 172 src=62.155.185.165 dst=80.152.162.192 sport=1300 > >>> dport=1300 > >>> src=80.152.162.192 dst=62.155.185.165 sport=1300 dport=1300 [ASSURED] > >>> mark=256 use=2 > >>> [...] > >>> > >>> > >>> How can I get rid of the additional entry when the openvpn tunnel is > >>> renewed? > >> > >> Use the 'conntrack' utility. > > > > I did, but this is not what I want. > > Or is actively removing of the entries the only way to reestablish a > > tunnel > > when connection tracking is enabled? > > I have no idea why you are seeing that problem. Anyone else seen it?
Maybe there is a correlation with my two ISPs setup? I didn't ivestigate further yet, but i've got martians >martian source 212.117.77.218 from 217.92.133.162, on dev ppp0 where 212... is the IP of eth4. and sometimes bind (running on the shorewall box) errors: named[3063]: error (network unreachable) resolving 'professional.avira- cdn.com/A/IN': Axel -- Wir verwenden ausschließlich blaue Elektronen aus biologischem Anbau. ------------------------------------------------------------------------------ Shape the Mobile Experience: Free Subscription Software experts and developers: Be at the forefront of tech innovation. Intel(R) Software Adrenaline delivers strategic insight and game-changing conversations that shape the rapidly evolving mobile landscape. Sign up now. http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
