conntrack

  1. Disabling conntrack on VM interface (with nftables-based firewall enabled)

    Hey everyone, I've got a VM running a site to site VPN which is a backup to a physical connection handled by a hardware router. As a result of this, the traffic passing via the internal interface may be asymmetrical, or existing connections created over the physical backhaul connection may at...
  2. IPv6 Neighbor solicitations are dropped with kernel 6.8.12-2-pve

    Hello everyone, this is my first post on this forum so be nice and point out to me if I'm doing something wrong. I think there is a bug in the kernel 6.8.12-2-pve where icmpv6 Neighbor solicitation packets are dropped if there is the following rule in iptables: ip6tables -I INPUT -m conntrack...
  3. persistent nf_conntrack sysctl

    Hello. I am trying to modify nf_conntrack options. In /etc/sysctl.conf I have: net.netfilter.nf_conntrack_generic_timeout=60 net.netfilter.nf_conntrack_icmp_timeout=10 #net.netfilter.nf_conntrack_tcp_timeout_close=10 net.netfilter.nf_conntrack_tcp_timeout_close_wait=20...
  4. preconfigured firewall rules and overrun conntrack table

    I am encountering a problem on busy servers where the nodes "inexplicably" lose connectivity with cluster partners and fence themselves off. Some investigation shows that when this happens, pve-firewall is enabled and the conntrack table is full. A quick look at "virgin" iptables rules has entries...