Comments:
<0> Hi! I am having a weird behavior with the conntrack system
<0> e.g.:
<0> tcp 6 431686 ESTABLISHED src=192.168.0.50 dst=213.194.0.71 sport=48449 dport=80 packets=1 bytes=40 [UNREPLIED] src=213.194.0.71 dst=192.168.1.1 sport=80 dport=48449 packets=0 bytes=0 mark=0 use=1
<0> this is an entry from /proc/net/ip_conntrack
<0> at this connection there was sent only the SYN packet without reply, but it is assumed as an ESTABLISHED rather than a SYN_SENT connection
<0> any ideas why that happens??
<0> I am having prob because this kind of connection takes a looot of time to timeout
<1> gug
<2> hugh
<3> hu
<4> mooien
<0> hi
<0> I've got a prob with the conntrack system
<1> ?
<0> it reports connections as ESTABLISHED rather than SYN_SENT when only syn is sent
<0> e.g.:
<0> tcp 6 431857 ESTABLISHED src=192.168.0.50 dst=213.194.0.112 sport=63736 dport=80 packets=1 bytes=40 [UNREPLIED] src=213.194.0.112 dst=192.168.1.1 sport=80 dport=63736 packets=0 bytes=0 mark=0 use=1
<0> as you can see there is only packet sent (and it is the SYN) with no reply
<0> but it says ESTABLISHED rather than SYN_SENT
<0> my prob is that this connection will not time-out in 2 minutes (which should)
<0> any idea?
<2> sque: which kernel?
<0> 2.6.16
<0> Regit, where should I look for help?
<2> sque: have you used the conntrack tool or /proc?
<0> ./proc
<0> no I haven't even installed the conntrack tool
<5> are there any documents when using libiptc how you should populate an ipt_entry, it seems no matter what I do, it doesn't like how I am structuring it
<1> phoem: the only "document" is probably the iptables source code
<5> :/ k
<1> the official answer is that libiptc was not intended to be used by third party applications
<1> but instead it should be considered a part of iptables
<5> is there a library that intended to be used by third party apps?
<5> "that is" rather
<1> I don't think so: people usually just use libiptc, but because of its status there is absolutely no documentation
<6> phoem: the usual interface is pipe into stdin of "iptables-restore --noflush"
<6> that's gpl/proprietary license clean and reasonably efficient (no fork/exec/dlopen cycles)
<5> thanks
<7> hi there
<7> does anyone have an idea about the following strange problem?
<7> I have one box behind my firewall with stateful match which does not produce any sensible entries in conntrack
<7> If I open an ssh connection to this box the conntrack table tells me that this connection is UNREPLIED
<7> and in status SYN_SENT
<7> but the connection exists