Highest Voted 'conntrack' Questions - Server Fault Stack Exchange

1

vote

2 answers

Track IP Adress login RDP when shutdown happen

Today I arrived at the office of an client and the Hyper V server was turnoff. In the Windows Event log is register that the admin user has send a shutdown command. I'm not the only one that has access to this user. How can I find out from what IP…

asked Jan 05 '21 at 18:15

Daniel Camara

13
2

1

vote

1 answer

Do we need conntrack for Load Balancer server?

I have 3 private dedicated server as Load balancer. And then there is IP Addr Public sign to this private dedicated server. Suddenly, one of these 3 LB servers got nf_conntrack: table full, dropping packet My dedicated server spec is 32 Core; 256…

load-balancing conntrack nf-conntrack

asked Mar 26 '20 at 09:05

Nicky Puff

11
1

0

votes

1 answer

dnsmasq: how to get conntrack numbers in query logs?

I´m currently working on a project (for school) to set up a program which analyses DNS-queries to be used in Docker-Swarm and Kubernetes. For testing purposes I received some (supposedly dnsmasq) logs. They look like this: Jun 20 01:01:02…

linux centos7 dnsmasq conntrack

asked Jan 04 '19 at 13:21

MasseGiraffe425

21
3

0

votes

1 answer

Unable to NAT TFTP traffic because iptables is not forwarding the return connection to the client despite TFTP helper creating an expectation

The Problem I have a TFTP server (Machine 'S') and a TFTP client (Machine 'C') on different subnets. They are connected via a router( Machine 'R'). All 3 machines are Debian 9/Stretch. The router is running iptables and is set to masquerade…

iptables nat tftp conntrack masquerade

asked Dec 07 '18 at 16:26

succulent_headcrab

387
2
5
12

0

votes

1 answer

How to drop connections RELATED to other dropped connections?

Scenario: I wrote iptables rules for a host where a DPI engine is watching Netfilter queues: firewall rules enqueue traffic incoming to this host into different Netfilter queues depending on whether traffic is coming from a certain ipset of mine. In…

iptables conntrack

asked Mar 12 '18 at 15:06

elmazzun

133
1
1
7

0

votes

1 answer

ip_conntrack_max not found

I did reconfigure /etc/sysctl.conf net.ipv4.netfilter.ip_conntrack_max = 65536 net.nf_conntrack_max = 65536 net.netfilter.nf_conntrack_tcp_timeout_established = 600 net.ipv4.netfilter.ip_conntrack_tcp_timeout_established =…

conntrack nf-conntrack

asked Mar 20 '17 at 08:47

auc

21
1
4

0

votes

0 answers

nf_conntrack_ipv6 not tracking outgoing connections

I'm trying to get outgoing IPv6 routing going, my issue is, that conntrack is not working correctly. I've dumped the traffic via tcpdump, which shows me that the packets go outside (e.g. internal interface -> router -> isp) and that I receive a…

iptables ipv6 conntrack

asked Nov 17 '16 at 13:07

Thomas Rosenstein

251
2
12

0

votes

1 answer

Why do the numbers shown in ip_conntrack_count and conntrack -L differ

I noticed the following today on our router: user@router:~$ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count 28141 However: user@router:~$ sudo conntrack -L > /dev/null conntrack v1.2.1 (conntrack-tools): 4652 flow entries have been…

iptables conntrack

asked Jul 04 '16 at 07:52

dorian

397
1
7
22

0

votes

1 answer

iptables counters in NAT table and state NOT NEW

I read everywhere that it is dangerous to do traffic filtering in the nat table because the nat table is only consulted for connections whose state is "NEW" (later packets bypass the table). Does it mean that nat table counters are only incremented…

iptables nat linux-networking conntrack

asked Mar 17 '16 at 16:33

Fox

952
2
12
21

0

votes

1 answer

FTP EPSV command and iptables

Troubleshooting an issue with an FTP connection going through an iptables firewall and seeing some strange issues with passive mode. We are trying to connect to an FTP server and get the directory listing, and it seems to work in PASV mode in all…

iptables ftp conntrack

asked Oct 28 '15 at 23:06

Devnull

951
1
7
23

0

votes

1 answer

How to use conntrack to allow SIP traffic

I have the following problem: Device (eth0)----> SWITCH(trunk)+VLAN120 ---> (PC1) +VLAN200 ---> (PC2) I am able to ping from PC1 to PC2 which are in different SUBNETS as above: Using NAT rules in iptables as below…

iptables linux-networking sip conntrack nf-conntrack

asked Jul 20 '15 at 10:36

RootPhoenix

113
3
8

0

votes

1 answer

accessing ip_conntrack causes concurrency problems after yum update

I have a Centos 5.11 server, and a script I cron every 10 minutes The script is simply this #!/bin/sh FNAME=/var/www/html/cached/conntrack_count COUNT=`cat /proc/net/ip_conntrack | /usr/bin/wc -l` echo $COUNT > $FNAME I've ran this script for…

linux networking centos conntrack

asked Feb 06 '15 at 12:22

carpii

521
2
4
12

0

votes

2 answers

Connection tracking not working in a Debian 7 OpenVZ VPS

I have a small VPS instance (used for web hosting) that runs Debian 7, and for a few weeks I have issues with my firewall and connection tracking. I had no issue for months, but without any system modification from my part, the connection tracking…

iptables openvz conntrack

asked Jun 17 '14 at 08:36

user226649

1
1

0

votes

1 answer

iptables nat taking 30 seconds to start redirecting

I am implementing a SIP Proxy that should be able to redirect all RTP traffic between two clients that can't reach each other. To implement that, I decided to manipulate the negotiated addresses in the SIP/SDP messages and use iptables rules to…

iptables nat conntrack

asked Apr 10 '13 at 15:37

krusty

1
1

0

votes

2 answers

yum not updating /etc/rc.d/init.d/iptables

I have been hit by the bug https://bugzilla.redhat.com/show_bug.cgi?id=493226 (restarting iptables ignores values in /etc/sysctl.conf). This bug has been fixed by RH quite a while ago. The server has had yum update run many times since the RH…

iptables yum sysctl conntrack

asked Jan 22 '13 at 18:03

Jistanidiot

151
1
7

Questions tagged [conntrack]