Questions tagged [nf-conntrack]
31 questions
1
vote
1 answer
ufw without connection tracking
I am using ufw on a high-traffic webserver (a lot of HTTP/HTTPS traffic) on Ubuntu (12.04 or 14.04).
I tried tuning kernel parameters related to connection tracking with some success.
However, thinking about it, I don't do NAT, therefore I don't think…

Arnaud Potier
- 123
- 7
1
vote
1 answer
Configuring IPTables without connection tracking module
Usually connection tracking is required for outbound connections to allow established connections back in, for instance:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
I don't have connection tracking enabled on my server so I was…

HTF
- 3,148
- 14
- 52
- 82
1
vote
1 answer
Debugging HAProxy
I have tested / been testing a server cluster locally for quite a while with no problem. I have recently set my server cluster up for a live test, and I have noticed problems, and believe that the HAProxy in my cluster may be running into some…

Eumcoz
- 217
- 3
- 8
1
vote
0 answers
How to allow SIP traffic when the From field's IP is modified by the router's IP
I have the following problem:
PC1 - eth0: 192.168.188.55
eth1: part of br0: 10.147.20.69
tap1: part of b0: 10.147.20.2 -> connected to PC2
on eth1: I have a trunk SIP device (GOIP) and sometimes PC3.
The server is Centos7…

SHERIF OMRAN
- 11
- 3
1
vote
0 answers
net.netfilter.nf_conntrack_helper=1 a security risk?
For a public file archive with an anonymous ftp server (vsftpd) I need to restore passive ftp, which ceased to work after upgrading Ubuntu 16 LTS to 18 LTS some time ago (with 20 to follow). Previous answers around the SE network indicate that in…

AliasX1
- 11
- 3
1
vote
0 answers
Apache keeps TCP Connection in CLOSE-WAIT state for 600 Seconds
My setup consists of two apache servers like in this diagram:
|Apache | >==Reverse Proxy Connection====> |Apache |
|Server1| <==Response through conntrack==< |Server2|
After a successful HTTP connection from Server 1 to Server 2, the latter sends a…

bit151
- 43
- 1
- 7
1
vote
1 answer
Do we need conntrack for Load Balancer server?
I have 3 private dedicated servers as load balancers. And then there is a public IP address assigned to these private dedicated servers.
Suddenly, one of these 3 LB servers got nf_conntrack: table full, dropping packet
My dedicated server spec is 32 Core; 256…

Nicky Puff
- 11
- 1
0
votes
1 answer
ip_conntrack_max not found
I did reconfigure /etc/sysctl.conf
net.ipv4.netfilter.ip_conntrack_max = 65536
net.nf_conntrack_max = 65536
net.netfilter.nf_conntrack_tcp_timeout_established = 600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established =…

auc
- 21
- 1
- 4
0
votes
0 answers
nf_conntrack_ftp module has disappeared
I've been running a Linode droplet for several years with no problems. In the last month, users have reported FTP connection errors, always related to Passive FTP.
Investigation shows that the nf_conntrack_ftp module is no longer loaded. We use…

Ryan Griggs
- 963
- 2
- 14
- 29
0
votes
1 answer
How to use conntrack to allow SIP traffic
I have the following problem:
Device (eth0)----> SWITCH(trunk)+VLAN120 ---> (PC1)
+VLAN200 ---> (PC2)
I am able to ping from PC1 to PC2 which are in different SUBNETS as above:
Using NAT rules in iptables as below…

RootPhoenix
- 115
- 3
- 8
0
votes
1 answer
Limiting outgoing connections by port to control nf_conntrack usage
I would like to make my system more resilient against a certain failure. When the system makes rapid outbound TCP connections that fail, the nf_conntrack table fills up with TIME_WAIT entries. This causes other operations on the system to fail as…

nhed
- 590
- 1
- 8
- 14
0
votes
0 answers
NetFilter conntrack FTP helper alternative to handle FTPS
I've been using the nf_conntrack_ftp module successfully (though rarely), but now I have to deal with TLS-encrypted FTP. This renders that helper useless, and I would have to resort to opening the firewall statically, which I'd rather avoid.
Are there…

madman_xxx
- 198
- 6
0
votes
0 answers
How to avoid port duplication when using iptable for DNAT
I configured DNAT in the iptables OUTPUT chain with the following command.
iptables -t nat -A OUTPUT -p tcp --dport 5000 -j DNAT --to 10.100.1.10:2048
When I link 10.100.20.4:5000 on the client 10.100.30.5, the traffic is successfully forwarded…

HK S
- 1
0
votes
0 answers
conntrack events (conntrack -E) show 0.0.0.0 as source and destination addresses
These are the logs down below.
[DESTROY] udp 17 src=0.0.0.0 dst=0.0.0.0 sport=0 dport=0 packets=3 bytes=216 [UNREPLIED] src=0.0.0.0 dst=0.0.0.0 sport=0 dport=0 packets=0 bytes=0
[NEW] udp 17 30 src=0.0.0.0 dst=0.0.0.0 sport=0 dport=0…
0
votes
1 answer
Should I do the stateful matching with iptables for nat table?
I often see that there are some stateful matching rules in an iptables chain such as INPUT.
I know what they are doing, and I'm interested in this:
Should I do the same for the chains of the nat table?
For example, in my home router, I want it…

Leon
- 169
- 9