All Questions

1 vote
1 answer
317 views

Linux conntrack not seeing multicast responses as part of the same flow

My TV (192.168.1.48) is multicasting an SSDP packet (to 239.255.255.250:1900), and on my server (192.168.1.17), by running smcroute and doing some packet mangling to increase the IP TTL of this ...
0 votes
1 answer
38 views

Why does it go through netfilter postrouting when visiting local ports?

Environment: [root@VM-32-4-centos ~]# uname -r 3.10.0-514.26.2.el7.x86_64 I have set log printing in the following chain: [root@VM-32-4-centos ~]# iptables -A INPUT -p tcp --dport 8000 -j LOG --log-...
0 votes
0 answers
276 views

nftables rules syntax getting error in adding rule

I am trying to add this rule nft insert rule ip nat PREROUTING iifname enp0s3 udp dport 9100 counter dnat to 192.168.150.2 I am getting this error [root@ph3ro]# nft insert rule ip nat PREROUTING ...
1 vote
0 answers
795 views

UDP packets dropped with `ctstate=INVALID`, but meanwhile its connection `[ASSURED]` in conntrack list

I have my router connecting to a remote VPS as a so-called 'VPN' that is based on the UDP protocol; then the VPS traffic slows down a few seconds after a new reboot. I can see a huge amount of incoming ...
1 vote
0 answers
430 views

iptables DNAT traffic to localhost weird behavior

I hit a problem when trying to understand how iptables handles DNATed packets. I run a server at localhost:8000, and I added a rule to the nat table: -A OUTPUT -d 1.2.3.4/32 -p tcp -m tcp --dport 80 -j ...
1 vote
0 answers
604 views

Packets disappearing between forward and postrouting hooks

I can see packets getting logged/accepted in the forward chain and they're correctly tagged with the right outbound interface, but they never hit the rule in the postrouting chain and tcpdump never ...
1 vote
1 answer
1k views

Conntrack empty within a Docker container

Do any of you have experience with the use of conntrack in a containerized environment? I am running a regular alpine docker container with docker run --network bridge --privileged --cap-add all -...