Questions tagged [nf-conntrack]

30 questions
13 votes, 3 answers

Where is the correct place to set net.netfilter.nf_conntrack_buckets?

I'm currently trying to set net.netfilter.nf_conntrack_buckets on boot. I initially assumed that this could be done through sysctl.conf, but net.netfilter.nf_conntrack_buckets (and other net.netfilter configurations) were not applied at all. …
KelchM
4 votes, 1 answer

What happened to byte and packet counters in conntrack?

Netfilter's conntrack docs show an example output of conntrack -L that contains bytes= and packets= counters, but when I run it I only see IP and port information. I'm aware that the docs are really out of date, and specifically mention…
itsadok
4 votes, 1 answer

What does nf_conntrack.acct really do?

I've found the kernel parameter nf_conntrack.acct interesting, in that the kernel documentation merely says "Enable connection tracking flow accounting". I've appended this to grub and rebooted and I haven't found any difference. For example, what…
sebelk
4 votes, 1 answer

Statistics /proc/net/stat/nf_conntrack is missing on Linux server

For some reason I have no such file on my server. root@serv:~# uname -a Linux serv 5.4.0-87-generic #98~18.04.1-Ubuntu SMP Wed Sep 22 10:45:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux root@serv:~# cat /proc/net/stat/nf_conntrack cat:…
narotello
3 votes, 1 answer

iptables fails to load nf_conntrack_ftp

I have recently had to rebuild my iptables configuration and when I run service iptables restart I now receive the following error line: iptables: Loading additional modules: nf_conntrack_ftp [FAILED] My iptables-config file includes the…
user1780242
3 votes, 2 answers

nf_conntrack complaints in dmesg

While investigating complaints about bad HTTP server performance, I've discovered these lines in dmesg of my Xen XCP host that contains a guest OS with said server: [11458852.811070] net_ratelimit: 321 callbacks suppressed [11458852.811075]…
Alexander Gladysh
3 votes, 1 answer

NEW counter missing in statistics conntrack -S

From this question Statistics /proc/net/stat/nf_conntrack is missing on Linux server I recognized that /proc/net/stat/nf_conntrack has an alternative, conntrack -S. In /proc/net/stat/nf_conntrack there is a NEW counter, based on which one can…
2 votes, 2 answers

How to learn a Remote FTP Server's Passive Port Range

Is there any way to learn the port range of a "Passive" FTP Server which is not in my authority? It is possible to set the range within the configuration file. For example within vsftpd.conf…
aesnak
2 votes, 3 answers

Conntrack shows no result

I tried the command conntrack -L and it returns nothing when I have a ping www.google.com running. I also tried to load the module by modprobe nf_conntrack. But it still always returns conntrack v1.0.0 (conntrack-tools): 0 flow entries have been…
manxing
2 votes, 2 answers

How to mitigate error "kernel: nf_conntrack: table full, dropping packet"

We recently had a problem with one of our servers (Debian Squeeze) becoming unresponsive during heavy-ish load. Looking at the kernel logs, I think this is the cause: kernel: nf_conntrack: table full, dropping packet As I understand it, this is…
UpTheCreek
2 votes, 1 answer

Stateless NAT with CentOS 6

I'm looking to set up the following: ---[IVR 1] | (internet)----[CentOS box]---+---[IVR 2] | ---[IVR 3] The CentOS box's internal…
Dave Knell
2 votes, 1 answer

What is the difference between nf_conntrack_max and nf_conntrack_expect_max?

I understand what nf_conntrack_max is, but what does nf_conntrack_expect_max actually do? I haven't been able to find an explanation on this anywhere.
KelchM
2 votes, 0 answers

A minimal iptables ruleset for a high volume Nginx reverse proxy (or: how to use NOTRACK for http and https)?

I'm looking for a minimal iptables ruleset for a rather high volume Nginx/Varnish reverse proxy. I'd like to close down the server, so that only ports 80 and 22 are open at all for connections from the outside. Furthermore, I'd like to exclude the…
flight
1 vote, 1 answer

"use" column in /proc/net/ip_conntrack or nf_conntrack?

I'd like to hack together my own little script to parse conntrack data, to get customized network information from some Linux boxes that are also NAT routers. An example of a line from the conntrack tables is: ipv4 2 tcp 6 300 ESTABLISHED…
1 vote, 1 answer

Connections disappearing from nf_conntrack

I've been investigating a special issue on our docker host server (17.09.0-ce) and found that every 3-5 minutes, many connections disappear from /proc/net/nf_conntrack causing the client side of the connection to time out. I'm on CentOS 6. I didn't…
papaiatis