05-12-2008, 12:41 AM

conntrack and the netfilter howto

I'm trying to bone up on netfilter, iptables, conntrack etc etc.

Using the howto at:
http://gentoo-wiki.com/HOWTO_Iptables_and_stateful_firewalls#Firewall_design_basics

Early on after describing how to generate a netfilter enabled kernel,
the author has this to say:

"If you've already rebooted and are using your new netfilter-enabled
kernel, you can view a list of active network connections that your
machine is participating in by typing

"cat /proc/net/ip_conntrack"

Even with no firewall configured, Linux's conntrack functionality is
working behind the scenes, keeping track of the connections that your
machine is participating in"

That file is not present on my setup. I'm guessing it may have been
renamed since the howto was written... maybe to `nf_conntrack'. But in
the files listed in /proc/net... I don't see the behavior described.

Maybe someone can tell me what has changed or what is missing...

ls /proc/net:

arp                 ip_tables_matches  netlink              ptype     softnet_stat
arp_tables_matches  ip_tables_names    netstat              raw       stat
arp_tables_names    ip_tables_targets  nf_conntrack         route     tcp
arp_tables_targets  ipt_hashlimit      nf_conntrack_expect  rt_acct   udp
dev                 ipt_recent         packet               rt_cache  udplite
dev_mcast           mcfilter           pnp                  snmp      unix
igmp                netfilter          protocols            sockstat

--
gentoo-user@lists.gentoo.org mailing list
 
05-12-2008, 02:51 AM
Norberto Bensa

conntrack and the netfilter howto

Quoting reader@newsguy.com:


"If you've already rebooted and are using your new netfilter-enabled
kernel, you can view a list of active network connections that your
machine is participating in by typing

"cat /proc/net/ip_conntrack"

Even with no firewall configured, Linux's conntrack functionality is
working behind the scenes, keeping track of the connections that your
machine is participating in"

That file is not present on my setup.


Perhaps the author was on crack, or he wasn't using a modularized kernel.

There will be no ip_conntrack unless you modprobe nf_conntrack_ipv4.

HTH,
Norberto


--
gentoo-user@lists.gentoo.org mailing list
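
Added example, not part of either post: a shell sketch that looks for the connection-tracking table under either name discussed in the thread and summarises its entries by protocol and state. The function names conntrack_file and conntrack_summary are hypothetical, the sample lines are constructed, and the column layouts assumed are the usual ones (nf_conntrack prefixes each line with the L3 protocol name and number, ip_conntrack does not).

```shell
#!/bin/sh
# Locate the conntrack table under a /proc/net-style directory.
# Prints the path and returns 0; returns 1 when neither file exists,
# which is what you see while no conntrack module is loaded.
conntrack_file() {
    dir=${1:-/proc/net}
    for name in nf_conntrack ip_conntrack; do
        if [ -e "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# Count tracked connections per protocol and state.
# nf_conntrack lines look like "ipv4 2 tcp 6 <timeout> <STATE> src=...";
# legacy ip_conntrack lines start directly at "tcp 6 <timeout> <STATE> ...".
conntrack_summary() {
    awk '{
        off = ($1 ~ /^ipv[46]$/) ? 2 : 0    # skip the two L3 columns if present
        proto = $(off + 1)
        state = $(off + 4)
        if (state ~ /^src=/) state = "-"    # udp and icmp entries carry no state
        count[proto " " state]++
    }
    END { for (k in count) print k, count[k] }' "$1" | sort
}

# Constructed sample in the nf_conntrack layout (not captured from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/nf_conntrack" <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51234 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=51234 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 119 TIME_WAIT src=192.0.2.10 dst=198.51.100.7 sport=51240 dport=80 src=198.51.100.7 dst=192.0.2.10 sport=80 dport=51240 [ASSURED] mark=0 use=2
ipv4     2 udp      17 29 src=192.0.2.10 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=40000 mark=0 use=2
EOF
if table=$(conntrack_file "$demo_dir"); then
    conntrack_summary "$table"
else
    echo "no conntrack table found; is the conntrack module loaded?" >&2
fi
rm -rf "$demo_dir"
```

On a real host, call conntrack_file with no argument to check /proc/net; reading the table there normally requires root.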
 

All times are GMT.