#conntrack — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #conntrack, aggregated by home.social.
-
Now my little bandwidth-monitor project for OpenWRT and Linux Routers is pretty complete.
It supports Adguard Home, Pi-hole and nextdns.io for the DNS tab. And has a Unifi integration to get the Wifi Status. (Might add Omada later)
Additionally I added a Speedtest capability and some Debugging Features.
Also you can see your #Conntrack #NAT status.
-
2/2
⚙️ Por esto es que podemos configurar un #firewall stateful con protocolos sin handshake.
⚙️ Obviamente no se bloquea UDP por defecto, y no, UDP no tiene handshake ni conexión en TCP/IP.
En fin, las conexiones en protocolos de #TCPIP y las conexiones que identifica #netfilter con #conntrack no son las mismas.
Espero que se entienda! cualquier duda me comentan 💬
Gracias a todos/as por participar! 🤗
+info 👇
🔗 https://juncotic.com/firewall-stateful-vs-stateless-diferencias-y-aplicaciones/
-
1/2
Hola comunidad!👋
Feedback de la encuesta de la semana pasada!
🟢 Un paquete de respuesta es conexión para conntrack
A nivel #TCPIP, #UDP es un protocolo de transporte sin conexión, pero a nivel #netfilter, un paquete de respuesta se considera parte de una conexión establecida.
Por eso es que podemos seguir "conexiones" #icmp o #ip, que son protocolos sin handshake también.
De hecho, el "syn-ack" de #tcp ya es conexión para #conntrack, por más que no sea (todavía) una conexión TCP 😜
🧵
-
Today in "how did my life decisions lead me here?", diagnosing hanging TCP connections from a NATed container through another layer of NAT on my router up to the internet. With two different kernels and three network stacks involved (calico, the bare linux stack, and FreeBSD/OPNSense).
Of course the issue is pretty random (though it seems to always end up happening), and I can only really narrow it down to an IP range where I have some MBps of sustained traffic all through the chain, making packet captures... On the large side.
This all feels pretty manual. Any tool recommendations to
- dump conntrack states in an exploitable format?
- match tcpdump traces with recorded conntrack states?
- align and compare tcpdump traces at multiple points in a chain?
- analyze issues in tcp sessions that I've captured?So far I've used #conntrack #wireshark #tcpdump, but still haven't managed to nail it.