[Bug 1203] New: 'DisableExternalCache On' seems to be broken

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Nov 28 10:01:17 CET 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1203

            Bug ID: 1203
           Summary: 'DisableExternalCache On' seems to be broken
           Product: conntrack-tools
           Version: unspecified
          Hardware: All
                OS: Ubuntu
            Status: NEW
          Severity: normal
          Priority: P5
         Component: conntrack-daemon
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: johanrp70 at gmail.com

Hi,

I have a setup with two firewalls in a VirtualBox environment and am trying to
run conntrackd in active-active mode (DisableExternalCache On).

root@gw1:~# conntrackd -v
Connection tracking userspace daemon v1.4.4. Licensed under GPLv2.

root@gw1:~# uname -a
Linux gw1 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 x86_64
x86_64 x86_64 GNU/Linux

I can see conntrack info in firewall-1 with 'conntrackd -i' and 'conntrack -L'.
But when I run the same commands in firewall-2 it's empty and I can see this
in the logfile:


[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-add2: Invalid argument
Tue Nov 28 09:53:41 2017    udp      17 src=192.168.2.10 dst=y.y.y.y
sport=49898 dport=53 [UNREPLIED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017    udp      17 src=192.168.2.10 dst=y.y.y.y
sport=49898 dport=53 [ASSURED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-add2: Invalid argument
Tue Nov 28 09:53:41 2017    tcp      6 SYN_SENT src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [UNREPLIED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017    tcp      6 SYN_RECV src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017    tcp      6 ESTABLISHED src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [ASSURED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017    tcp      6 FIN_WAIT src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [ASSURED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017    tcp      6 CLOSE src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [ASSURED]

Regards

/Johan
