[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: IPv6 return path filter default active? (fixed)

Hi Philip,

> > Typing:
> >  echo 1 > /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
> > on both routers finally fixed my problem. Thanks for your time and help!
>
> wow, thanks for the followup. But then, shouldn't conntrackd just set that? Or mention that in its documentation? 
> Did/could you file a bug about that?

It's probably not a bug: I can imagine that syncing ACK windows introduces an enormous amount of traffic over the conntrackd link, although I have not done any math on this.

But maybe conntrackd should set that flag, or at least warn for it. Their documentation says that you should set it if your kernel version is below 2.6.22, to disable TCP window tracking. Mine isn't, so I did never felt the need to investigate what window tracking is earlier...

I will contact them about this anyway.
-- 
Best regards,
Reinier Boon


Reinier Boon | Senior software engineer | Telecats bv | KvK Enschede 06069106 | Tel: +31 53 488 99 26 | Fax: +31 53 488 99 10 | Email: r.t.boon@telecats.nl
Reply to: