conntrackd

conntrackd

[Rob Sterenborg]

Hi,

I'm trying to setup conntrackd according to
http://people.netfilter.org/pablo/conntrackd/install.html. It looks like
I'm doing something wrong but I can't find out what it is.

I'm using:
- CentOS 5
- kernel 2.6.22.1
- libnfnetlink-20070712
- libnetfilter_conntrack-20070712
- conntrack-tools-20070712
- keepalived-1.1.13

I've installed keepalived and got that part working.
Next, I installed/configured conntrackd, but when trying to start it I
receive this error:

# conntrackd -C /usr/local/etc/conntrackd/conntrackd.conf
ERROR: conntrackd cannot start, please check the logfile for more info

# tail /var/log/conntrackd.log
[...]
[Mon Aug  6 13:25:03 2007] (pid=5701) --- starting in console mode ---
[Mon Aug  6 13:25:03 2007] (pid=5701) [FAIL] can't open multicast
server!
[Mon Aug  6 13:25:03 2007] (pid=5701) [FAIL] initialization failed

So, I thought I may lack some options in the kernel. To sum it up:

CONFIG_IP_MULTICAST=y

CONFIG_NF_CONNTRACK_ENABLED=m

The doc says I need:
# nfnetlink
# ctnetlink (ip_conntrack_netlink) 

This would be nfnetlink (?):
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m

CONFIG_NF_CT_NETLINK=m
This produces nf_conntrack_netlink.o.
In 2.6.18 (RHEL5 source) upto 26.21.7 (vanilla) I find
CONFIG_IP_NF_CONNTRACK_NETLINK=m (which produces ip_conntack_netlink.o),
but in 2.6.22.1 it's not there. I don't see anything about this in the
changelog for 2.6.22 or 2.6.22.1: has this been replaced by
nf_conntrack_netlink.o?

About "connection tracking event notification API", I suppose it's this?
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_ENABLE=m
(CONFIG_NF_CONNTRACK_EVENTS=y)

I don't know where else to look and Google didn't exactly give me much.
Can someone please enlighten me what it is that I'm missing here?


Thanks,
Rob

Re: conntrackd

[Pablo Neira Ayuso]

Rob Sterenborg wrote:
> # conntrackd -C /usr/local/etc/conntrackd/conntrackd.conf
> ERROR: conntrackd cannot start, please check the logfile for more info
> 
> # tail /var/log/conntrackd.log
> [...]
> [Mon Aug  6 13:25:03 2007] (pid=5701) --- starting in console mode ---
> [Mon Aug  6 13:25:03 2007] (pid=5701) [FAIL] can't open multicast
> server!
> [Mon Aug  6 13:25:03 2007] (pid=5701) [FAIL] initialization failed

Extracted from conntrackd.conf:

        Multicast {
                IPv4_address 225.0.0.50
                IPv4_interface 192.168.100.100 # IP of dedicated link
                                    ^^^
Did you setup an interface with this IP? Otherwise the multicast sender
won't work, i.e. your dedicated link (ethX) must use the IP 192.168.100.100.

-- 
"Será preciso viajar a través de los ojos de los idiotas" -- Poeta en
Nueva York -- Federico García Lorca.

RE: conntrackd

[Rob Sterenborg]

netfilter-bounces@lists.netfilter.org wrote:
> Rob Sterenborg wrote:
>> # conntrackd -C /usr/local/etc/conntrackd/conntrackd.conf
>> ERROR: conntrackd cannot start, please check the logfile for more
>> info 

[...]

> Extracted from conntrackd.conf:
> 
>         Multicast {
>                 IPv4_address 225.0.0.50
>                 IPv4_interface 192.168.100.100 # IP of dedicated link
>                                     ^^^
> Did you setup an interface with this IP? Otherwise the multicast
> sender won't work, i.e. your dedicated link (ethX) must use the IP
> 192.168.100.100.

Hmm. Of course.
Sorry, I missed the obvious..

> BTW, please use latest official releases.

Will do.


Thanks,
Rob

Re: conntrackd

[Pablo Neira Ayuso]

Rob Sterenborg wrote:
> Hi,
> 
> I'm trying to setup conntrackd according to
> http://people.netfilter.org/pablo/conntrackd/install.html. It looks like
> I'm doing something wrong but I can't find out what it is.
> 
> I'm using:
> - CentOS 5
> - kernel 2.6.22.1
> - libnfnetlink-20070712
> - libnetfilter_conntrack-20070712
> - conntrack-tools-20070712

BTW, please use latest official releases.

-- 
"Será preciso viajar a través de los ojos de los idiotas" -- Poeta en
Nueva York -- Federico García Lorca.

conntrackd

[Filka Michal]

Hi all,

Is there any paper, howto or something else with deeper information about conntrackd available?

Thanks for answer ...

Michal Filka
System Software Engineer

SITRONICS Telecom Solutions, Czech Republic a.s.


Tel.: +420 211 029 247
BB Centrum - Beta, Vyskoèilova 1461/2a, 140 00  Praha 4, Czech Republic
www.sitronicsts.com

DISCLAIMER
This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately.