PROB: IPMasq entries not clearing from kernel?

Post by Mike Roo » Tue, 09 Feb 1999 04:00:00

    Hi. I've got a Pentium Linux box set up running RedHat 5.1, with the
new 2.2.1 kernel.  The IPChains (1.3.8) firewall is working fine, as is
IP Masquerading.  The machine ("firewall") has two NICs, one for the
internal net ( and one for an external net
(  The firewall machine also runs the bind 8.1.2
nameserver, set up to resolve local addresses and forward internet
addresses.  The internal network has SGIs, Macs, and NT boxes.  The only
things on the external net are the firewall itself and an Ascend
Pipeline 75 ISDN router.  The pipeline dials out to our ISP, where it
gets a dynamic IP and does NAT.  I know the Pipeline is overkill, but
that's just what I had to work with...

    Anyway, the problem is that there are times when IP Masquerading
entries seem to get "stuck" in the kernel.  For example, there are
currently about 70 entries listed (ipchains -M -L or netstat -M) that
indicate http connections from one of our local machines to a remote
website.  However, the local machine in question hasn't been used for
the last three days.  The masquerading timeouts (ipchains -M -S x y z)
don't seem to have any impact on whether this behavior occurs.  They are
currently set to the default 15, 2, and 5 minutes respectively (speaking
of which, why isn't there a way to list the current values?), but I have
shifted them dramatically up and down without any positive results.

    This is really a problem, as the stuck entries are holding up the
ISDN line, which costs us extra money, which makes the bosses unhappy.
There doesn't seem to be any way to clear the entries from the kernel.
Rebooting doesn't do it.  I even tried deleting /proc/net/ip_masquerade,
but after rebooting, they were back.  They just won't go away.
Rebooting the machine whose masq entries are stuck DOES seem to fix the
problem.  I've searched all the IPMasq HOW-TOs, FAQs, and Websites and
no one else seems to have reported this problem or a fix.

    Note that this problem does not occur all the time, or with any one
machine.  I have seen entries coming from various SGIs, PCs, and Macs
all get stuck.  This problem also occurred with our previous config,
which was the 2.0.34 kernel and ipfwadm.

    What I really need is a way to clear out the entries via a cron job
(without rebooting any of the workstations) so things don't get stuck in
there for days.  Any advice on what I could do about this problem would
be greatly appreciated.