Kernel >= 2.6.5, ip_conntrack and udp traffic

Linux Netfilter discussions
 help / color / mirror / Atom feed

* Kernel >= 2.6.5, ip_conntrack and udp traffic
@ 2004-08-12  7:56 Sander Smeenk
  0 siblings, 0 replies; only message in thread
From: Sander Smeenk @ 2004-08-12  7:56 UTC (permalink / raw)
  To: netfilter

Hello,

I am one of the few people experiencing problems with UDP traffic being
connection tracked and somehow causing the iptables code to start
blurting out:

Aug  5 12:56:48 valor kernel: ip_conntrack_in: Frag of proto 17 (hook=0)
Aug  5 12:56:48 valor kernel: NF_IP_ASSERT:
net/ipv4/netfilter/ip_nat_standalone.c:83(ip_nat_fn)
Aug  5 12:56:48 valor kernel: ip_conntrack_in: Frag of proto 17 (hook=0)

When I try to access my sfs mounts. Google shows this has to do with a
NFS mount to localhost, with r/wsize set to >8192 bytes.

Is sfs/nfs behaving badly, or is the iptables core?

Previously, with kernels < 2.6.8-rcN, I could 'work around' this problem
by not-tracking UDP traffic, but this doesn't seem to work anymore with
the newest kernels...

There's not a lot of information in google about this problem. Am I one
of the few that experience this?

Kind regards,
Sander.

-- 
| Where are the first 6-up's ?
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8  9BDB D463 7E41 08CE C94D

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2004-08-12  7:56 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-08-12  7:56 Kernel >= 2.6.5, ip_conntrack and udp traffic Sander Smeenk

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox