* No ICMP connections in /proc/net/ip_conntrack?
@ 2005-02-11 17:47 Asim Shankar
2005-02-11 18:45 ` Jason Opperisano
0 siblings, 1 reply; 3+ messages in thread
From: Asim Shankar @ 2005-02-11 17:47 UTC (permalink / raw)
To: netfilter
Hi,
I can't see any ICMP entries in /proc/net/ip_conntrack. My setup is as follows:
Machine A:
- Connected to the internet on eth0 and to a private (192.168.1.0/24) network on eth1.
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Machines B and C:
- Connected to the private (192.168.1.0/24) network on eth0
- Default gateway: Machine A
Machine D:
- Connected to the internet
If I ssh/ftp/run a udp-echo client on machines A/B, connecting to
machine D, I can see the entries in /proc/net/ip_conntrack on machine
A.
However, if I "ping D" from A and B, then no entry seems to be present
in ip_conntrack. My understanding based on:
http://www.faqs.org/docs/iptables/icmpconnections.html is that I
should see something in ip_conntrack.
Am I missing something?
Thanks,
Regards,
-- Asim
* Re: No ICMP connections in /proc/net/ip_conntrack?
2005-02-11 17:47 No ICMP connections in /proc/net/ip_conntrack? Asim Shankar
@ 2005-02-11 18:45 ` Jason Opperisano
2005-02-12 15:11 ` Alistair Tonner
0 siblings, 1 reply; 3+ messages in thread
From: Jason Opperisano @ 2005-02-11 18:45 UTC (permalink / raw)
To: netfilter
On Fri, Feb 11, 2005 at 11:47:37AM -0600, Asim Shankar wrote:
> However, if I "ping D" from A and B, then no entry seems to be present
> in ip_conntrack. My understanding based on:
> http://www.faqs.org/docs/iptables/icmpconnections.html is that I
> should see something in ip_conntrack.
>
> Am I missing something?
yeah--you're just not that fast. a conntrack entry is created when the
ICMP Echo-Request is received and removed when the Echo-Reply goes out.
the total elapsed time that the conntrack entry exists would be in the
very low millisecond range...and i don't think your cat is that fast.
-j
--
"Silly customer, you cannot hurt a Twinkie!"
--The Simpsons
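An added example, not part of the original thread: it parses the /proc/net/ip_conntrack text format, keeps only the ICMP entries, and re-reads the file in a tight loop so that entries as short-lived as the ones described in the reply above have a chance of being caught. The sample lines and addresses are constructed, and the names `parse_icmp` and `watch` are hypothetical.

```python
import re
import sys
import time

# Constructed sample in the /proc/net/ip_conntrack line format (documentation
# addresses): one TCP flow, a masqueraded ping from B, and a ping from A itself.
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.2 dst=203.0.113.9 sport=32771 dport=22 src=203.0.113.9 dst=198.51.100.5 sport=22 dport=32771 [ASSURED] use=1
icmp     1 29 src=192.168.1.2 dst=203.0.113.9 type=8 code=0 id=4660 [UNREPLIED] src=203.0.113.9 dst=198.51.100.5 type=0 code=0 id=4660 use=1
icmp     1 30 src=198.51.100.5 dst=203.0.113.9 type=8 code=0 id=22 [UNREPLIED] src=203.0.113.9 dst=198.51.100.5 type=0 code=0 id=22 use=1
"""
TUPLE_KEYS = ("src", "dst", "type", "code", "id")

def parse_icmp(text):
    """Return one dict per ICMP entry with its original and reply tuples."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "icmp":
            continue
        pairs = [(k, v) for k, v in re.findall(r"(\w+)=(\S+)", line) if k in TUPLE_KEYS]
        if len(pairs) != 2 * len(TUPLE_KEYS):
            continue  # truncated or unexpected line
        orig, reply = dict(pairs[:5]), dict(pairs[5:])
        flows.append({
            "timeout": int(fields[2]),
            "orig": orig, "reply": reply,
            # With MASQUERADE the reply is addressed to the gateway, not the sender.
            "natted": reply["dst"] != orig["src"],
        })
    return flows

def watch(path="/proc/net/ip_conntrack", seconds=5.0):
    """Re-read the table in a tight loop; return each distinct ICMP flow seen.
    Best effort: an entry that lives between two reads is still missed."""
    seen = {}
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        with open(path) as table:
            for flow in parse_icmp(table.read()):
                key = (flow["orig"]["src"], flow["orig"]["dst"], flow["orig"]["id"])
                seen.setdefault(key, flow)
    return seen

if __name__ == "__main__":
    found = watch(sys.argv[1]).values() if len(sys.argv) > 1 else parse_icmp(SAMPLE)
    for flow in found:
        print(flow["orig"], "->", flow["reply"], "NAT" if flow["natted"] else "")
```

Run without arguments it parses the constructed sample; given the table's path as the first argument it polls that file for five seconds while a ping runs in another terminal.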
* Re: No ICMP connections in /proc/net/ip_conntrack?
2005-02-11 18:45 ` Jason Opperisano
@ 2005-02-12 15:11 ` Alistair Tonner
0 siblings, 0 replies; 3+ messages in thread
From: Alistair Tonner @ 2005-02-12 15:11 UTC (permalink / raw)
To: Jason Opperisano, netfilter
On February 11, 2005 01:45 pm, Jason Opperisano wrote:
> On Fri, Feb 11, 2005 at 11:47:37AM -0600, Asim Shankar wrote:
> > However, if I "ping D" from A and B, then no entry seems to be present
> > in ip_conntrack. My understanding based on:
> > http://www.faqs.org/docs/iptables/icmpconnections.html is that I
> > should see something in ip_conntrack.
> >
> > Am I missing something?
>
> yeah--you're just not that fast. a conntrack entry is created when the
> ICMP Echo-Request is received and removed when the Echo-Reply goes out.
> the total elapsed time that the conntrack entry exists would be in the
> very low millisecond range...and i don't think your cat is that fast.
>
> -j
I can assure you Jason, my cat isn't that fast, in fact right now he's
horizontal, on his back, purring up a storm... I doubt he'd be able to twitch
a whisker in time.
Alistair.
>
> --
> "Silly customer, you cannot hurt a Twinkie!"
> --The Simpsons