bugzilla-daemon at bugzilla.netfilter.org
2008-Dec-20 08:07 UTC
[Bug 565] New: Problems with NOTRACK
http://bugzilla.netfilter.org/show_bug.cgi?id=565
Summary: Problems with NOTRACK
Product: netfilter/iptables
Version: linux-2.6.x
Platform: i386
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P1
Component: ip_conntrack
AssignedTo: laforge at netfilter.org
ReportedBy: turbo-drive at mail.ru
Debian etch (Linux ktmlaggregator 2.6.18-6-xen-686)
Disable forwarding packets from local network to next gateway:
iptables -t raw -I PREROUTING -d ! 10.0.0.0/8 -j NOTRACK
In FORWARD chain set verify:
iptables -t filter -I FORWARD -m state --state UNTRACKED -j LOG
In messages log - writing many messages - its right, NOTRACK working.
In FORWARD chain set verify:
iptables -t filter -I FORWARD -m state --state NEW -j LOG
In messages log - no iptables messages - its right, NOTRACK working.
BUT! /proc/net/ip_conntrack contains many-many lines as:
tcp 6 170464 ESTABLISHED src=10.10.10.49 dst=89.232.126.111 sport=56085
dport=4987 packets=53990 bytes=41071003 [UNREPLIED] src=89.232.126.111
dst=10.10.10.49 sport=4987 dport=56085 packets=0 bytes=...
I wait 3 days - same situation...
After reboot, ip_conntrack no more containing this lines.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at bugzilla.netfilter.org
2009-Feb-11 10:35 UTC
[Bug 565] Problems with NOTRACK
http://bugzilla.netfilter.org/show_bug.cgi?id=565
laforge at netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|laforge at netfilter.org |kaber at trash.net
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are the assignee for the bug, or are watching the assignee.