Questions tagged [conntrack]

74 questions
1 vote, 1 answer

conntrack delete does not stop running copy of big file

I have a router with nat port forwarding configured. I launched a http copy of big file via the nat. The http server is hosted on the LAN PC which contains the big file to download. I launched the file download from WAN PC. I disabled the nat rule…
MOHAMED
1 vote, 1 answer

Conntrackd cache not showing tcp sessions

I am experiencing a somewhat weird issue with conntrackd. I have created an environment with an active/backup scenario where sessions will be replicated to the backup after a failover and vice versa. I have followed the official manual of the tool…
Jimmy_A
1 vote, 0 answers

Debian sysctl config not persisting on reboot

I am running Ubuntu 14.04: Linux WEBLB3 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux I have modified the /etc/sysctl.conf file to set sysctl settings on reboot, it contains this…
John Foley
1 vote, 1 answer

Overwhelmed by "TCP: time wait bucket table overflow" errors -- What can I do to mitigate?

I've got a legacy system running Debian 7 (proxmox) hosting OpenVZ containers, and I'm seeing a troublesome problem where the system is being overwhelmed by open connections to VZ container running the apache frontend. When this is happening, the…
1 vote, 1 answer

On a Linux NAT host, late duplicate segments cause connection resets

https://www.cloudshark.org/captures/6f185eb12e97 172.30.5.1 Linux vm with bridged networking, running on another server, VM has RFC1918 address only 144.76.103.194 Linux host with one interface, connected to both internet and…
Michael Renner
1 vote, 1 answer

Can't get iptables working in VPS - state and conntrack not possible

I've been browsing and reading documentations all night and I can't figure out any solution... I'm trying to get iptables working on my VPS (Debian 7). But I can't get established connections answered. The "-m state --state" and also "-m conntrack…
1 vote, 2 answers

See stats of data in and out of each connection to a port

I have an application listening to a port. The clients connect to it using http connection. At any given time I see around 3000 connections established. I assume not all these connections are in use (sending and receiving data) in parallel. To…
Amod Pandey
1 vote, 0 answers

Ghost tcp connections: ss sees them, nothing else does

We have a strange problem. Our remote server shows over 900 connections coming from our office over port 80: # ss -n | grep ESTAB | grep $OFFICEIP | grep :80 | wc -l 935 Netstat shows a similar number: # netstat -n | grep $OFFICEIP | grep :80 | wc…
Mediocre Gopher
1 vote, 0 answers

Firewall rejecting UDP "connections"?

I have a server that is aggregating logs from various other servers. It mostly works great, however from time-to-time (right after a reboot, but not all reboots) it will decide that various UDP "connections" are in some weird state, and reject…
Kromey
1 vote, 1 answer

CentOS 6.5 Iptables conntrack module

I have a VPS server on which CentOS 6.5 x64 is installed. Kernel version from uname command is 2.6.18-028stab107. When I want to use iptables rate limiting like in the following command, I got the error message below. iptables -I INPUT -p tcp…
jdiver
1 vote, 1 answer

Looks like conntrack utility is installed but I cannot find it

I've been told to use the 'conntrack' utility (http://linux.die.net/man/8/conntrack) for some purpose. Now, as written in the description: conntrack -L Dump the connection tracking table in /proc/net/ip_conntrack format so I found the log file…
PyThoN
1 vote, 0 answers

How to allow SIP traffic, From field's IP is modified by router's IP

I have the following problem: PC1 - eth0: 192.168.188.55 eth1: part of br0: 10.147.20.69 tap1: part of b0: 10.147.20.2 -> connected to PC2 on eth1: I have a trunk SIP device GOIP and sometimes PC3. The server is Centos7…
1 vote, 0 answers

Conntrack not showing iptables redirected flow

I have a client and server. At Server I have a redirect rule to redirect all incoming flows to port 15006. Client IP: 10.20.3.53 ServerIP : 10.20.3.63 I have the following iptables rules on the server(10.20.3.63): # iptables -t nat -nvL…
Invictus
1 vote, 0 answers

Apache keeps TCP Connection in CLOSE-WAIT state for 600 Seconds

My setup consists of two apache servers like in this diagram: |Apache | >==Reverse Proxy Connection====> |Apache | |Server1| <==Response through conntrack==< |Server2| After a successful HTTP connection from Server 1 to Server 2, the latter sends a…
bit151
1 vote, 0 answers

Connections not obeying conntrack

I have a tunnel set up on interface vti68. I am NATing both the source and destination. The host has 10.1.30.51 as local, and 172.16.0.80 as remote. Traffic in the tunnel is translated such that 10.45.89.4 is local and 192.168.7.5 is remote. ip…
Paul Draper