conntrack

Hi, I am wondering about nftables, in the admin guide it says to use nftables you need to install proxmox-firewall instead of pve-firewall (https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pve_firewall_nft). It also says that it is currently in tech preview and not suitable for production...

Hello, I've encountered an issue where conntrack seems not to work when the VM that is being migrated has HA enabled. I have tested different HA Shutdown policies, but it doesn't seem to make a difference. I've also tested disabling the host firewall, enabling the firewall but allowing...

Environment Proxmox VE: 9.x (latest kernel at time of posting) pve-firewall (iptables backend Guests: LXC on a Linux VLAN, LXC on a Linux Bridge source /etc/network/interfaces.d/* auto lo iface lo inet loopback pre-up sysctl -w net.ipv4.ip_forward=1 auto nic0 iface nic0 inet manual auto...

Hey everyone, I've got a VM running a site to site VPN which is a backup to a physical connection handled by a hardware router. As a result of this, the traffic passing via the internal interface may be asymmetrical, or existing connections created over the physical backhaul connection may at...

Hello everyone, this is my first post on this forum so be nice and point out to me if I'm doing something wrong. I think there is a bug in the kernel 6.8.12-2-pve where icmpv6 Neighbor solicitations packets are dropped if there is the following rule in iptables: ip6tables -I INPUT -m conntrack...

Hello. I am trying to modify nf_conntrack options in /etc/sysctl.conf i have : net.netfilter.nf_conntrack_generic_timeout=60 net.netfilter.nf_conntrack_icmp_timeout=10 #net.netfilter.nf_conntrack_tcp_timeout_close=10 net.netfilter.nf_conntrack_tcp_timeout_close_wait=20...

I am encountering a problem on busy servers were the nodes "inexplicably" lost connectivity with cluster partners and fence themselves off. Some investigation shows that when this happens, pve-firewall is enabled and conntrack table is full. a quick look at "virgin" iptables rules has entries...