And it's happening on multiple servers so I don't think this is some kind of a glitch. We think it may be related to.

roothodling-xrp.no conntrack -E -p tcp | grep UNREPLIED
NEW tcp 6 120 SYN_SENT src=::1 dst=::1 sport=28192 dport=9099 [UNREPLIED] src=::1 dst=::1

The old IP is still used in the natted connection.

Description of problem: node-exporter triggers alarm on NodeHighNumberConntrackEntriesUsed.

I am running a VM with Ubuntu 14.04, kernel 3.19.0-33 and conntrack v1.4.1. I tried to play with netstat-nat but I didn't manage to get anything from it. When I look at my iptables rules, everything looks OK:

# iptables -t nat -nL

This patch allows sending the first initiating packet, but blocks the transmission of the next UDP packets as long as the created connection is still unreplied.

iptables -t nat -A POSTROUTING -o eth0 -p udp --dport 38041 -j SNAT --to-source 10.230.0.4

So all the next packets of the same one-directional stream will successfully pass through the firewall. The IP is reassigned to eth0, the iptables rule is deleted and a new iptables rule is added (with the right IP):

iptables -t nat -D POSTROUTING -o eth0 -p udp --dport 38041 -j SNAT --to-source 10.230.0.1

Active-Backup setups. Stateful firewall architectures. A good read to extend the information about firewall architectures is "Demystifying cluster-based fault-tolerant firewalls", published in IEEE Internet Computing magazine.

Say in my example it goes from 10.230.0.1 to 10.230.0.4. If you don't want to put the config file under /etc/conntrackd/, just tell conntrackd where to find it by passing the option -C.

I'm using Debian 10, and iptables to do some SNAT to force all my packets outgoing from eth0 to a specific UDP port to use a specific IP attached to eth0:

iptables -t nat -D POSTROUTING -o eth0 -p udp --dport 38041 -j SNAT --to-source 10.230.0.1

But sometimes, the source IP gets redistributed and it changes.
smartbyte: conntrack -E

Here is the STUN part:
NEW udp 17 60 src=192.168.1.38 dst=216.93.246.14 sport=44608 dport=3478 [UNREPLIED] src=216.93.246.14

I have a problem with natted connections on Linux.