conntrack -L does not show any connection

Question

I am writing a utility which will use Conntrack commands to show the connection states. I am a beginner and I wanted to play with the Conntrack before I could start my work. So, when I tried conntrack -L conntrack, I get the output which says there are no flows. But, I do have a telnet and one ssh connection to the machine, which is seen in netstat as in ESTABLISHED state.

I also did tail -f /proc/net/ip_conntrack but didn't see any output.

Am I missing something?

score 2 · Answer 1 · answered Jul 04 '20 at 01:16

2

You can use iptables module 'conntrack' to do something, then conntrack -L will have output.

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

answered Jul 04 '20 at 01:16

tinyhare

121
4

score 1 · Answer 2 · answered Feb 16 '18 at 06:44

1

You'll have to modprobe nf_conntrack and it's ipv4/ipv6 modules.

modprobe nf_conntrack
modprobe nf_conntrack_ipv4
modprobe nf_conntrack_ipv6

answered Feb 16 '18 at 06:44

Vinay Tiwary

11
1

It seems there's no nf_conntrack_ipv4 nor nf_conntrack_ipv6 modules in Fedora 31 stock kernel (I have installed conntrack-tools and libnetfilter-conntrack packages). I have exactly the same problem but I just have nf_conntrack and nf_conntrack_netlink loaded. I don't know what can be...My Nftables version (0.9.1) or Kernel (5.5.9) isn't compatible? – Osqui Mar 22 '20 at 15:08

score 0 · Accepted Answer · answered Oct 19 '11 at 23:14

0

If /proc/net/ip_conntrack is empty, you may have conntrack modules not loaded. Try

modprobe nf_conntrack

answered Oct 19 '11 at 23:14

Selivanov Pavel

2,126
3
23
47

I did lsmod | grep nf_conntrack. It shows that conntrack is loaded already. Do I need to configure firewall or something for this to work? As per my understanding, it is not needed for basic testing. – SeattleOrBayArea Oct 19 '11 at 23:29
I dont know how but it started to work, thanks!! – SeattleOrBayArea Oct 19 '11 at 23:52

conntrack -L does not show any connection

3 Answers3