similar to: conntrack entries established before nat

Displaying 20 results from an estimated 2000 matches similar to: "conntrack entries established before nat"

2013 Nov 21
14
openvpn restart fails with dual entry in conntrack and wrong sourceport
the establishment of an openvpn link sometimes fails. I tracked it down to network traffic with wrong Sourceport in the answer packet (should be 1300 not 1024): 2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300 3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300 and a collateral entry in the connection tracking table
2003 Feb 14
6
[Bug 49] TCP conntrack entries with huge timeouts
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=49 ------- Additional Comments From laforge@netfilter.org 2003-02-14 08:39 ------- what patches from patch-o-matic do you use? Do you know how to reproduce this behaviour? ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
2004 Oct 13
4
Connection tracking on non-masqueraded interfaces.
I don''t think this has anything to do with Shorewall but I am not too familiar with iptables stuff yet so I''m not sure. Running Shorewall shorewall-1.4.9 on Mandrake Linux release 9.2 (FiveStar) for i586 Kernel 2.4.22-37mdk. Run "nmap -sP 192.168.x.x/24" (for example), where 192.168.x.x/24 is the LAN. You can do this from a firewall/router, or even from a
2008 Aug 10
1
conntrack-tools and Session syncing
Hi folks, I have 2 firewalls, setup with Centos 5.2. They are also routers, connected to 2 upstream routers. I have some cases where connections from servers to the internet leave my network via router2 and answers come back via router1. So I added conntrack tools to both routers/firewalls to synchronize the session tables (using ftfw procotol). That works as expected. If e.g. I ping from
2012 Oct 16
1
Trouble with tftp
I''m trying to enable tftp traffic initiated from our dmz network to our internal network. I have: TFTP(ACCEPT) dmz loc:10.10.10.1 in /etc/shorewall/rules, and: oadmodule nf_conntrack_tftp in /etc/shorewall/modules. The module is loaded and I do see some entries come and go, e.g.: udp 17 10 src=4.28.99.164 dst=10.10.10.1 sport=2071 dport=69 [UNREPLIED]
2004 Aug 30
3
[Bug 98] state ESTABLISHED allow ipip tunnels
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=98 netfilter@linuxace.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netfilter@linuxace.com Status|ASSIGNED |RESOLVED Resolution|
2006 Aug 03
28
[Bug 498] RTP packets are not hitting NAT table
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=498 cfilin@intermedia.net changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |chip@innovates.com -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are
2006 Jul 21
6
Quick Question on [UNREPLIED] in the state tables
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a situation where some Poptop/PPTP sessions (only with FC5/Shorewall to FC5/Shorewall firewall in between) cause the following to appear in the state table (shorewall show connections). unknown 47 420 src=XX.234.79.183 dst=XX.234.137.226 packets=2 bytes=130 [UNREPLIED] src=XX.234.137.226 dst=XX.234.79.183 packets=0 bytes=0 mark=0 use=1
2017 Feb 16
3
[Bug 1123] New: conntrackd will not accept connection records into kernel table from another machine
https://bugzilla.netfilter.org/show_bug.cgi?id=1123 Bug ID: 1123 Summary: conntrackd will not accept connection records into kernel table from another machine Product: conntrack-tools Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5
2003 Aug 19
1
[Bug 105] Connection tracking table full, no new connections accepted
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=105 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |LATER ------- Additional Comments From
2009 Oct 23
9
sip/iax problem - udp conntrack entries not getting destroyed
Hello all, I have an asterisk sip/iax peer behind a linux gateway doing nat. I''m using pppoe with a dynamic ip that changes frequently. The problem is when the line drops the sip/iax registrations drop as well, and they don''t register thereafter. When I check the conntrack entries, I noticed the entries still have the old wan ip address and because of keepalive (i''m
2013 Aug 06
3
[Bug 839] New: SNAT66 does not work for bidirectional UDP
https://bugzilla.netfilter.org/show_bug.cgi?id=839 Summary: SNAT66 does not work for bidirectional UDP Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P5 Component: NAT AssignedTo: netfilter-buglog at lists.netfilter.org
2019 Jun 26
4
iptables - how to block established connections with fail2ban?
I am working to a CentOS 6 server with nonstandard iptables system without rule for ACCEPT ESTABLISHED connections. All tables and chains empty (flush by legacy custom script) so only filter/INPUT chain has rules (also fail2ban chain): Chain INPUT (policy ACCEPT) target prot opt source destination f2b-postfix tcp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all --
2017 Mar 28
2
SipVicious scans getting through iptables firewall - but how?
My firewall and asterisk pjsip config only has "permit" options for my ITSP's (SIP trunk) IPs. Here's the script that sets it up. -------------------------------------------------- #!/bin/bash EXIF="eth0" /sbin/iptables --flush /sbin/iptables --policy INPUT DROP /sbin/iptables --policy OUTPUT ACCEPT /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A INPUT -m
2017 Apr 11
2
connection state tracking with DNS [was Primary DNS...]
Hi, I would like to see this addressed. I found more information on the issue at https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html Is there a firewalld solution to this issue? On 04/11/2017 11:05 AM, Chris Adams wrote: > One additional DNS server note: you should disable firewalld for any DNS > server, caching or authoritative. If you need firewalling, use
2017 Sep 18
0
[Bug 1183] New: need options to output UNREPLIED connections
https://bugzilla.netfilter.org/show_bug.cgi?id=1183 Bug ID: 1183 Summary: need options to output UNREPLIED connections Product: conntrack-tools Version: unspecified Hardware: x86_64 OS: Fedora Status: NEW Severity: enhancement Priority: P5 Component: conntrack Assignee:
2020 Nov 20
4
Desktop Over NFS Home Blocked By Firewalld
On Fri, Nov 20, 2020 at 12:18 PM Frank Cox <theatre at sasktel.net> wrote: > > On Fri, 20 Nov 2020 12:07:40 -0500 > Michael B Allen wrote: > > > So TCP src 760 to 41285. What's that? > > Apparently "that" is what you need to allow in order for your desktop to work. > > What it is actually doing, I'm not sure. Google tells me that port 760 has
2004 Jun 28
5
iproute and shorewall
Hi, I got a problem with iproute and shorewall but I don''t know where the real problem is yet, perhaps someone can shed any light on this one. What we currently do is route all traffic coming from a specific host through our second isp''s nat router. This is done via SNAT on our own router. /etc/shorewall/masq: eth2 $INTERNALHOSTA 192.168.0.142 We now
2004 Oct 18
11
how can i log everything?
hi, it''d be very useful to add some kind of "log everything" option to shorewall. currently the logging is useful if you know what you would like to log. but if you don''t know than it''s a problem... another problem that currently it''s not possible to log the nat table. at least i can''t find any way (can''t add logging into masq and
2006 Jul 15
15
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From netfilter@linuxace.com 2006-07-15 18:38 MET ------- Jurgen: you are behind a box which doesn't understand the SACK option. From your trace: 02:52:32.237095 IP 134.76.88.65.11064 > 84.132.150.225.32805: P 237274514:237275954(1440) ack 372631662 win 181 <nop,nop,timestamp 229942196