Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:netfilter_iptables:netfilter_management [2018/09/16 12:49] – ↷ Page moved from inbox:firewall:netfilter_iptables:netfilter_management to docs:guide-user:firewall:netfilter_iptables:netfilter_management bobafetthotmail | docs:guide-user:firewall:netfilter_iptables:netfilter_management [2018/09/18 21:07] – dturvene | ||
|---|---|---|---|
| Line 6: | Line 6: | ||
| ===== Inspecting tables using fw3 ===== | ===== Inspecting tables using fw3 ===== | ||
| - | The [[inbox: | + | The [[docs: |
| line interface to see all the netfilter rules. | line interface to see all the netfilter rules. | ||
| Line 68: | Line 68: | ||
| To fix this, append your LOG rule to the '' | To fix this, append your LOG rule to the '' | ||
| + | |||
| + | ===== Conntrack Diagnostics ===== | ||
| + | Many netfilter features, especially NAT, depend on the '' | ||
| + | IP connections between the WAN-side and the LAN-side. | ||
| + | invaluable when debugging traffic rules. | ||
| + | through the [[https:// | ||
| + | at ''/ | ||
| + | |||
| + | Here is a typical conntrack entry: | ||
| + | < | ||
| + | ipv4 2 tcp 6 4088 ESTABLISHED src=192.168.3.171 dst=192.168.10.175 sport=33284 dport=22 packets=24 bytes=1248 src=192.168.10.175 dst=192.168.3.171 sport=22 dport=33284 packets=24 bytes=1248 [ASSURED] mark=0 use=2 | ||
| + | </ | ||
| + | This is a ipv4 tcp session on port=22 (SSH). | ||
| + | |||
| + | :!: The nf_conntrack parameters can be tuned using parameters in the sysfs | ||
| + | filesystem under ''/ | ||
| + | |||
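
Review bot: In the new Conntrack Diagnostics section, the line "This is a ipv4 tcp session on port=22 (SSH)." explains too little of the sample entry for a diagnostics guide. The entry carries two address tuples (src=192.168.3.171 dst=192.168.10.175 sport=33284 dport=22, then the reversed reply tuple), the ESTABLISHED state and the [ASSURED] flag, and none of these are described. The reply tuple here is an exact mirror of the original one, so this sample shows a connection with no address translation, although the opening sentence singles out NAT as the main consumer of conntrack. Consider adding a sentence on how to read the two tuples, or a second sample entry in which they differ. Also fix the article in that line: "an ipv4 tcp session".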