Hi, I have looked through the archives and found a thread on the problem but no conclusion. Does anybody know if there is an answer to the following. I am running SuSE as a dialup gateway to my ISP using ppp with dynamic IPADDR assignment, ipchains, ipmasq etc. The problem comes when the link is dropped and then almost immediately re-established. ipmasq remembers connections from the old session and tries to continue using them. I would like to be able to flush the masquerade table but have not been able to find out how to do it. I have considered : Unloading the masq modules: This is not an option as the wayward link may not be the only interface relying on them. ICMP unreachable to force new connection: I have anti-spoofing rules which are dynamically configured with the IP address of the ppp link. Outbound these are set as REJECT but this does not work as the ICMP unreachable is sent to the old ppp IP address which also is bounced by the anti spoof rule - Oh mayhem :-) Reducing the masq timeouts: The problem rarely occurred with ipfw as the timeouts were much shorter but there were other problems with slow sites hanging because masq had forgotten about them. I do not really want to go back to there and given that the network drop-out is about 35 secs, the required timeout would be ridiculously short. Looking at it, the major problem is the udp "sessions", particularly dns lookup. The tcp sessions eventually time out when they get no response but the udp "sessions" are refreshed every time there is an outbound packet. Anybody heard anything or got any better ideas? John