similar to: [Bug 1381] New: Conntrackd segfaults when committing external caches

Hi, I´m trying use conntrackd, shorewall and keepalived. Conntrackd (now know as conntrack-tools) is working ok, keepalived too, but i don´t know how to put some iptables rules in shorewall. eth0 is the local area (192.168.0.0/24) eth1 is the net area (192.168.1.0/24) [1] iptables -P FORWARD DROP [2] iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED - j ACCEPT [3] iptables -A

Hi all. I currently try to start conntrackd to test it. CentOS release 6.3 (Final) Linux lb1.local 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 15:57:10 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux This is a VirtualBox vm. I try: /usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d My config: [root at lb1 log]# egrep -v '^\s*#|^$' /etc/conntrackd/conntrackd.conf | less Sync {

https://bugzilla.netfilter.org/show_bug.cgi?id=1123 Bug ID: 1123 Summary: conntrackd will not accept connection records into kernel table from another machine Product: conntrack-tools Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5

Hi. Is anyone using conntrack-tools to implement gateway failover on a network with windows clients? I set it up with ucarp and keepalived, and found that gratuitous ARP doesn''t always seem to update the cache on Windows machines. It works the first time, but if a second failover happens, the client continues to send stuff to the wrong MAC address. Linux machines work fine.

https://bugzilla.netfilter.org/show_bug.cgi?id=1445 Bug ID: 1445 Summary: conntrackd: segfaults when not disabling internal cache Product: conntrack-tools Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: critical Priority: P5

Hi. I''m wondering if there''s a good way to configure a Linux firewall box to failover to a single backup server, while preserving connection state. This question has been asked before, but the latest reference I can find is from 2004, at which time Linux had no equivalent of OpenBSD''s pfsync, though Harald was said to be working on one. Did anything come of those

Hi, I'm trying to build a redundant duo of firewalls/routers/gateways and I'm thinking about not putting any disks in them and instead using a usb-stick raid-1 as storage. Has anyone any experience with this? Since the machines will be running pretty much only iptables, conntrackd and keepalived there is not going to be a lot of disk activity going on and the plan is to do all the

hi i''ve not found many hints on shorewall/ucarp/conntrackd topic. i''m sharing this with the list, so that i''m able to search and find it the next time. :) i''ve setup 2 identical systems with shorewall, ucarp and conntrackd in an active/backup way. ucarp just calls ifup/ifdown, all network configuration is maintained in /etc/network/interfaces (Debian),

https://bugzilla.netfilter.org/show_bug.cgi?id=1053 Bug ID: 1053 Summary: connection tracker integration issue Product: conntrack-tools Version: unspecified Hardware: i386 OS: All Status: NEW Severity: critical Priority: P5 Component: conntrack-daemon Assignee:

https://bugzilla.netfilter.org/show_bug.cgi?id=1229 Bug ID: 1229 Summary: conntrackd man page "State <policy> {<states list>}" Product: conntrack-tools Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component:

Hi, while testing racoon on Linux (based on the ported ipsec-tools) the following issue appeared: Racoon did not verify the RSA Signatures during Phase 1 in either main or aggressive mode. Authentication was possible using a correct certificate and a wrong private key. I have verified the below problem using racoon-20030711 on FreeBSD 4.9. I will test it using the SNAP Kit but suspect it to be

Hi! The Netfilter project proudly presents: conntrack-tools 1.2.0 This release is a major milestone that includes support for expectation synchronization and the new nfct utility that, by now, only supports the new cttimeout infrastructure. See ChangeLog that comes attached to this email for more details. You can download it from:

https://bugzilla.netfilter.org/show_bug.cgi?id=999 --- Comment #2 from Wolfram Schlich <wolfram at schlich.org> --- (In reply to Pablo Neira Ayuso from comment #1) > Are you sure that your kernel supports CONFIG_NETFILTER_NETLINK and > CONFIG_NF_CT_NETLINK. Yes, pretty sure: --8<-- zephyr ~ # zgrep CONFIG_NETFILTER_NETLINK /proc/config.gz CONFIG_NETFILTER_NETLINK=y

Hi! The netfilter project presents another development release of the conntrack-tools that includes a new `-S' option for the command line tool, and a generic infrastructure to allow using different protocols to replicate state-changes, currently unicast UDP and multicast are supported. = command line interface: conntrack = * Add `-S' option to display in-kernel connection tracking

Hi! The netfilter project presents another development release of the conntrack-tools that includes accumulated fixes, one improvement for the polling approach and a couple of new features, mainly: = command line interface: conntrack = * Allow use of -D with -p proto --state to delete entries in a certain protocol state. = userspace daemon: conntrackd = * Fix endianess issue in the network

Hi! The netfilter project presents another development release of the conntrack-tools. As usual, this release includes important fixes, improvements and new features, mainly: = command line interface: conntrack = * New option `-C': you can use it to display the number of entries in the conntrack and expectation tables. = userspace daemon: conntrackd = * Internal performance improvements:

Hi! The netfilter project proudly presents conntrack-tools-0.9.3 The userspace daemon conntrackd covers the specific aspects of stateful Linux firewalls to enable high availability solutions, and can be used as statistics collector of the firewall use as well. The daemon is highly configurable and easily extensible. On the other hand, the command line conntrack provides an interface to add,

https://bugzilla.netfilter.org/show_bug.cgi?id=1203 Bug ID: 1203 Summary: 'DisableExternalCache On' seems to be broken Product: conntrack-tools Version: unspecified Hardware: All OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: conntrack-daemon Assignee:

Hi! The netfilter project presents another development release of the conntrack-tools that includes support for all the protocol helpers available in 2.6.30 that were missing so far (SCTP, UDPlite, DCCP and GRE). The daemon updates includes a fix for a memory leak that can be triggered under heavy load and if you set a hashtable in user-space that is smaller than the one in the kernel. Moreover,

Hi! The Netfilter project presents another development release of the conntrack-tools. This release includes several fixes for the command line tool and lots of improvements for the daemon. Specifically I'd like to thank Hannes Eder, Vincent Jardin and Samuel Gauthier for their suggestions and contributions. Please, see changelog attached for more details. I'd also like to thank