home.social

#conntrack — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #conntrack, aggregated by home.social.

  1. Now my little bandwidth-monitor project for OpenWRT and Linux routers is pretty complete.

    It supports AdGuard Home, Pi-hole and nextdns.io for the DNS tab, and has a UniFi integration to get the Wi-Fi status. (Might add Omada later.)

    Additionally, I added a speedtest capability and some debugging features.

    Also you can see your #Conntrack #NAT status.

    github.com/awlx/bandwidth-moni

    #Monitoring #OpenWRT #Bandwidth

  2. 2/2

    ⚙️ This is why we can configure a stateful #firewall with protocols that have no handshake.

    ⚙️ Obviously, UDP is not blocked by default, and no, UDP has neither a handshake nor a connection in TCP/IP.

    In short, the connections in #TCPIP protocols and the connections that #netfilter identifies with #conntrack are not the same thing.

    I hope that makes sense! If you have any questions, let me know 💬

    Thanks to everyone for participating! 🤗

    More info 👇

    🔗 juncotic.com/firewall-stateful

    #ciberseguridad #linux #nftables #iptables #firewall

  3. 1/2

    Hello community! 👋

    Feedback on last week's poll!

    🟢 A reply packet is a connection for conntrack

    At the #TCPIP level, #UDP is a connectionless transport protocol, but at the #netfilter level, a reply packet is considered part of an established connection.

    That is why we can track #icmp or #ip "connections", which are also protocols without a handshake.

    In fact, the #tcp "syn-ack" is already a connection for #conntrack, even though it is not (yet) a TCP connection 😜

    🧵

  4. Today in "how did my life decisions lead me here?", diagnosing hanging TCP connections from a NATed container through another layer of NAT on my router up to the internet. With two different kernels and three network stacks involved (Calico, the bare Linux stack, and FreeBSD/OPNsense).

    Of course the issue is pretty random (though it seems to always end up happening), and I can only really narrow it down to an IP range where I have some MBps of sustained traffic all through the chain, making packet captures... on the large side.

    This all feels pretty manual. Any tool recommendations to
    - dump conntrack states in an exploitable format?
    - match tcpdump traces with recorded conntrack states?
    - align and compare tcpdump traces at multiple points in a chain?
    - analyze issues in tcp sessions that I've captured?

    So far I've used #conntrack #wireshark #tcpdump, but still haven't managed to nail it.

    #Linux #Opnsense #sysadmin
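
Added example, not written by any of the posters above: a Python parser for the text format printed by `conntrack -L`, which turns each entry into a dict. It illustrates the point of the poll thread (conntrack marks a flow as replied as soon as it sees a packet in the reply direction, whether that is a UDP answer, an ICMP echo reply or a TCP SYN-ACK) and is one way to get conntrack state into a form that can be filtered or joined with capture data. The sample lines are constructed, and the `nat` heuristic (reply tuple not mirroring the original tuple) is an assumption of this example.

```python
import json

# Constructed sample in the text format of `conntrack -L` (conntrack-tools).
SAMPLE = """\
udp      17 25 src=192.168.1.10 dst=198.51.100.53 sport=40000 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.5 sport=53 dport=40000 mark=0 use=1
udp      17 110 src=192.168.1.10 dst=198.51.100.53 sport=40001 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=40001 [ASSURED] mark=0 use=1
icmp     1 29 src=192.168.1.10 dst=198.51.100.7 type=8 code=0 id=4242 src=198.51.100.7 dst=192.168.1.10 type=0 code=0 id=4242 mark=0 use=1
tcp      6 58 SYN_RECV src=192.168.1.10 dst=198.51.100.80 sport=51000 dport=443 src=198.51.100.80 dst=203.0.113.5 sport=443 dport=51000 mark=0 use=1
tcp      6 119 SYN_SENT src=192.168.1.11 dst=198.51.100.80 sport=51001 dport=443 [UNREPLIED] src=198.51.100.80 dst=203.0.113.5 sport=443 dport=51001 mark=0 use=1
"""

TUPLE_KEYS = {"src", "dst", "sport", "dport", "type", "code", "id"}

def parse_line(line):
    """Parse one `conntrack -L` line into a dict."""
    tok = line.split()
    e = {"proto": tok[0], "timeout": int(tok[2]), "state": None,
         "flags": [], "orig": {}, "reply": {}, "meta": {}}
    rest = tok[3:]
    # TCP prints its protocol state (SYN_SENT, ESTABLISHED, ...) before the tuples.
    if rest and "=" not in rest[0] and not rest[0].startswith("["):
        e["state"] = rest.pop(0)
    for t in rest:
        if t.startswith("["):              # [UNREPLIED], [ASSURED], ...
            e["flags"].append(t.strip("[]"))
            continue
        key, _, val = t.partition("=")
        if key not in TUPLE_KEYS:
            e["meta"][key] = val           # mark=, use=, ...
        elif key in e["orig"]:
            e["reply"][key] = val          # second occurrence: reply direction
        else:
            e["orig"][key] = val           # first occurrence: original direction
    # [UNREPLIED] disappears once a packet in the reply direction was seen.
    e["seen_reply"] = "UNREPLIED" not in e["flags"]
    # Assumption of this example: a reply tuple that does not mirror the
    # original tuple means the flow is being NATed.
    e["nat"] = (e["reply"].get("dst") != e["orig"].get("src")
                or e["reply"].get("src") != e["orig"].get("dst"))
    return e

def parse(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for entry in parse(SAMPLE):
        print(json.dumps(entry))
```

On a router, the same functions can be fed the output of `conntrack -L` instead of `SAMPLE`; the JSON lines can then be filtered by the original or reply tuple to line them up with packets in a capture.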