
Mailing List Archive: iptables: User

conntrackd

 

 



rob at sterenborg

Aug 7, 2007, 6:39 AM

Post #1 of 5 (1502 views)
Permalink
conntrackd

Hi,

I'm trying to set up conntrackd according to
http://people.netfilter.org/pablo/conntrackd/install.html. It looks like
I'm doing something wrong but I can't find out what it is.

I'm using:
- CentOS 5
- kernel 2.6.22.1
- libnfnetlink-20070712
- libnetfilter_conntrack-20070712
- conntrack-tools-20070712
- keepalived-1.1.13

I've installed keepalived and got that part working.
Next, I installed/configured conntrackd, but when trying to start it I
receive this error:

# conntrackd -C /usr/local/etc/conntrackd/conntrackd.conf
ERROR: conntrackd cannot start, please check the logfile for more info

# tail /var/log/conntrackd.log
[...]
[Mon Aug 6 13:25:03 2007] (pid=5701) --- starting in console mode ---
[Mon Aug 6 13:25:03 2007] (pid=5701) [FAIL] can't open multicast
server!
[Mon Aug 6 13:25:03 2007] (pid=5701) [FAIL] initialization failed

So, I thought I may lack some options in the kernel. To sum it up:

CONFIG_IP_MULTICAST=y

CONFIG_NF_CONNTRACK_ENABLED=m

The doc says I need:
# nfnetlink
# ctnetlink (ip_conntrack_netlink)

This would be nfnetlink (?):
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m

CONFIG_NF_CT_NETLINK=m
This produces nf_conntrack_netlink.o.
In 2.6.18 (RHEL5 source) up to 26.21.7 (vanilla) I find
CONFIG_IP_NF_CONNTRACK_NETLINK=m (which produces ip_conntrack_netlink.o),
but in 2.6.22.1 it's not there. I don't see anything about this in the
changelog for 2.6.22 or 2.6.22.1: has this been replaced by
nf_conntrack_netlink.o?

About "connection tracking event notification API", I suppose it's this?
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_ENABLE=m
(CONFIG_NF_CONNTRACK_EVENTS=y)

I don't know where else to look and Google didn't exactly give me much.
Can someone please enlighten me what it is that I'm missing here?


Thanks,
Rob


pablo at netfilter

Aug 7, 2007, 7:28 AM

Post #2 of 5 (1412 views)
Permalink
Re: conntrackd [In reply to]

Rob Sterenborg wrote:
> # conntrackd -C /usr/local/etc/conntrackd/conntrackd.conf
> ERROR: conntrackd cannot start, please check the logfile for more info
>
> # tail /var/log/conntrackd.log
> [...]
> [Mon Aug 6 13:25:03 2007] (pid=5701) --- starting in console mode ---
> [Mon Aug 6 13:25:03 2007] (pid=5701) [FAIL] can't open multicast
> server!
> [Mon Aug 6 13:25:03 2007] (pid=5701) [FAIL] initialization failed

Extracted from conntrackd.conf:

Multicast {
IPv4_address 225.0.0.50
IPv4_interface 192.168.100.100 # IP of dedicated link
^^^
Did you set up an interface with this IP? Otherwise the multicast sender
won't work, i.e. your dedicated link (ethX) must use the IP 192.168.100.100.

--
"Será preciso viajar a través de los ojos de los idiotas" -- Poeta en
Nueva York -- Federico García Lorca.
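
The check suggested in the reply above, as an added example that is not part of the original post or of conntrack-tools: it reads IPv4_interface from the Multicast block of a conntrackd.conf and verifies that the address is assigned to a local interface before conntrackd is started. The function names are hypothetical, and the `ip` tool from iproute2 is assumed for listing local addresses.

```sh
#!/bin/sh
# Added example: pre-flight check for the Multicast block of conntrackd.conf.
# All function names here are hypothetical, not part of conntrack-tools.

# Print the IPv4_interface value found inside the Multicast { ... } block.
multicast_iface_ip() {
    awk '
        { sub(/#.*/, "") }                      # drop trailing comments
        $1 == "Multicast" { in_block = 1 }      # block opens
        in_block && $1 == "IPv4_interface" { print $2; exit }
        in_block && /}/ { in_block = 0 }        # block closes
    ' "$1"
}

# List the IPv4 addresses assigned to local interfaces, one per line.
# Assumes iproute2; field 4 of "ip -o" output is ADDRESS/PREFIX.
local_ipv4_addrs() {
    ip -4 -o addr show | awk '{ split($4, a, "/"); print a[1] }'
}

# check_multicast_iface CONF [ADDR_LIST]
# ADDR_LIST (newline-separated) overrides the live address list, which
# makes the check usable against a saved inventory or in a test.
# Returns 0 if the address is local, 1 if it is not, 2 if none is configured.
check_multicast_iface() {
    want=$(multicast_iface_ip "$1")
    if [ -z "$want" ]; then
        echo "no IPv4_interface found in Multicast block of $1" >&2
        return 2
    fi
    addrs=${2-$(local_ipv4_addrs)}
    if printf '%s\n' "$addrs" | grep -qxF "$want"; then
        echo "OK: $want is assigned to a local interface"
    else
        echo "FAIL: $want is not assigned to any local interface" >&2
        return 1
    fi
}
```

Calling `check_multicast_iface /usr/local/etc/conntrackd/conntrackd.conf` on each node of the pair catches the mismatch that produces the "can't open multicast server!" failure quoted above.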


pablo at netfilter

Aug 7, 2007, 7:31 AM

Post #3 of 5 (1411 views)
Permalink
Re: conntrackd [In reply to]

Rob Sterenborg wrote:
> Hi,
>
> I'm trying to set up conntrackd according to
> http://people.netfilter.org/pablo/conntrackd/install.html. It looks like
> I'm doing something wrong but I can't find out what it is.
>
> I'm using:
> - CentOS 5
> - kernel 2.6.22.1
> - libnfnetlink-20070712
> - libnetfilter_conntrack-20070712
> - conntrack-tools-20070712

BTW, please use latest official releases.

--
"Será preciso viajar a través de los ojos de los idiotas" -- Poeta en
Nueva York -- Federico García Lorca.


rob at sterenborg

Aug 7, 2007, 8:00 AM

Post #4 of 5 (1407 views)
Permalink
RE: conntrackd [In reply to]

netfilter-bounces [at] lists wrote:
> Rob Sterenborg wrote:
>> # conntrackd -C /usr/local/etc/conntrackd/conntrackd.conf
>> ERROR: conntrackd cannot start, please check the logfile for more
>> info

[...]

> Extracted from conntrackd.conf:
>
> Multicast {
> IPv4_address 225.0.0.50
> IPv4_interface 192.168.100.100 # IP of dedicated link
> ^^^
> Did you set up an interface with this IP? Otherwise the multicast
> sender won't work, i.e. your dedicated link (ethX) must use the IP
> 192.168.100.100.

Hmm. Of course.
Sorry, I missed the obvious..

> BTW, please use latest official releases.

Will do.


Thanks,
Rob


Michal.Filka at sitronicsts

Aug 14, 2007, 1:01 AM

Post #5 of 5 (1406 views)
Permalink
conntrackd [In reply to]

Hi all,

Is there any paper, howto or something else with deeper information about conntrackd available?

Thanks for answer ...

Michal Filka
System Software Engineer

SITRONICS Telecom Solutions, Czech Republic a.s.


Tel.: +420 211 029 247
BB Centrum - Beta, Vyskočilova 1461/2a, 140 00 Praha 4, Czech Republic
www.sitronicsts.com

DISCLAIMER
This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately.
