LinuxQuestions.org


androbod 01-15-2015 09:12 AM

NAT iptables GRE tunnels hell
 
Hi Guys !

I have one head-blowing problem; maybe your smart brains can help in resolving this issue, or just finding the cause of it.

Just in a few words, without configurations so far.

I'm managing a small office network that is sitting behind a CentOS-based router.

The router's duty is to do NAT and forward some ports to internal servers (same NAT).

It is all done with iptables. The problem that I have now is somehow related to iptables and is seen very well with GRE (PPTP tunnels) and, I think, with any tunnels.

We have multiple client stations that are trying to connect to the same VPN servers outside our LAN.

And we have this scenario:

Iptables or something in the router box remembers the first connection that was made to the VPN1 server, and allows only the particular IP address that first initiated the connection to the VPN1 server to connect to it.

The funny thing is that an iptables restart doesn't help to somehow reset this first initiating connection either. But if you change anything inside the rules (I don't know, add a comment) in iptables and restart it, it will reset the cache or something, I really don't know, and again accept the first connection from the first IP that tries to initiate this connection to the VPN server.

And it really looks crazy: if Client1 initiates a connection to VPNServer1 and he is first, all is fine, but to allow Client2 to connect to VPNServer1 I need to change a rule and restart iptables; then Client2 has VPN resources, but Client1 does not. And they don't try to connect to one VPN resource in parallel with the same login/pass.

Hopefully it's a common problem with iptables or ipconntrack or something :)

Regards

GunFighT 01-16-2015 07:19 AM

Hello,
Check in /etc/pptpd.conf how many connections are allowed (line 68, or near that line).

