Linux: unable to stop tunnel from being "connection-tracked"
Shadow Hawkins on Tuesday, 30 September 2003 23:43:39
hi all,
something for the linux & iptables experts out there.
I use kernel 2.4.21 & iptables version 1.2.8.
I cannot seem to get my kernel to stop tracking my 6-in-4 tunnel to the PoP.
After reading on the forum I decided to ditch my existing firewall rules for testing and start with a minimal set.
I have tested with these firewall rules:
#####------------ IPv6 tunnel to SixXS-----
iptables -A INPUT -p 41 -s tunnelserver.concepts-ict.net -j ACCEPT
iptables -A OUTPUT -p 41 -d tunnelserver.concepts-ict.net -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -s tunnelserver.concepts-ict.net -j ACCEPT
iptables -t nat -A POSTROUTING --protocol ! 41 -s 192.168.100.0/24 -o ppp0 -j MASQUERADE
But the connection tracking thing keeps popping up.
Which means that my tunnel dies whenever I do not keep a background ping6 to the PoP IPv6 tunnel endpoint going. This is starting to annoy me to no end.
Anybody have any suggestions?
TIA
Wouter
Shadow Hawkins on Wednesday, 01 October 2003 18:00:47
You can log packets before dropping them. That can give an idea where to search.
Do you have ip6tables running? Do you ping6 from that box or behind it?
P.S. you do not get icmpv4 echo-request from the tunnelserver. Accepting loopback packets is also necessary. If you trust your own box, you can accept all outgoing packets without checking them.
Shadow Hawkins on Wednesday, 01 October 2003 23:12:53
I think you might have misunderstood my problem.
It's not that my ping6 does not get answered, that works perfectly.
Problem is that the tunnel is always connection-tracked, as evidenced by the output from "cat /proc/net/ip_conntrack". The result of which is that the tunnel dies after this connection disappears from the connection table (600 sec after my last ping6). It seems as though iptables doesn't care about the fact that I have put in a rule to always accept protocol 41 traffic coming from the tunnelserver.
BTW, my ip6tables rules are empty at the moment, with all policies set to ACCEPT.
This should mean that all IPv6 icmp requests coming from the tunnel server should get through, no?
I ping6 from the firewall itself, since I do not (yet) have a subnet assigned, so my hosts behind the firewall do not have IPv6 connectivity yet.
What do you mean exactly with "Accepting loopback packets is also necessary"?
Shadow Hawkins on Thursday, 02 October 2003 17:05:51
I see. It should work that way. Maybe you can log packets before dropping them to be sure that the packet enters the INPUT chain. And you can then examine the packet; it can lead to something or nothing. You can maybe see why it isn't accepted.
"my ip6tables rules are empty at the moment, with all policies set to ACCEPT."
Will do fine.
About loopback, I don't know exactly why, but they advise accepting everything coming/going from/to loopback.
A workaround can be setting the ttl for connection-tracking to 30 minutes, if it is possible??
edit:
I do NAT the 6in4 packets (SNAT all outgoing packets without exceptions) without any problems, so that is why I think your problem might be other than connection-tracking.
Shadow Hawkins on Thursday, 02 October 2003 21:29:58
If I let the connection disappear from the connection tracking table and then restart ping6'ing to the PoP IPv6 address, a tcpdump on my external itf (ppp0) shows only my echo-requests with nothing whatsoever coming back from the PoP.
I would at least expect an icmp error message if something had gone wrong with the tunnel.
Jeroen Massar on Friday, 03 October 2003 00:08:01
Can you paste those tcpdumps? Also, as you are using a heartbeat tunnel, are you sure your local endpoint matches the endpoint known to the POP at that moment, aka do you have the heartbeat client running?
Shadow Hawkins on Friday, 03 October 2003 09:43:32
As you can see from the tcpdump output below, my heartbeat client is indeed still running after the connection has disappeared from the connection tracking table.
aias root # killall ping6
aias root # ip tunnel show
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
sixxs: ipv6/ip remote 213.197.27.252 local any ttl 64
aias root # tcpdump -i ppp0 | grep 213.197.27.252
tcpdump: listening on ppp0
09:19:33.497870 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:20:33.507877 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:21:33.517793 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:22:33.527800 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:23:33.537820 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:24:33.547800 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:25:33.557792 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:26:33.567820 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:27:33.577802 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:28:33.587788 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:29:33.597791 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:30:33.607911 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:31:33.617797 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:32:33.627795 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:33:33.637791 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:34:33.647795 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:35:33.657783 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:36:33.667806 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:37:33.677814 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:38:33.687839 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:38:50.150200 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:38:51.157335 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:38:52.157318 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:38:53.157308 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:38:54.157303 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:38:55.157301 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:38:56.157292 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:38:57.157316 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:38:58.157291 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:38:59.157293 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:00.157305 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:01.157293 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:02.157305 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:03.157300 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:04.157304 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:05.157302 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:06.157288 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:07.157315 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:08.157290 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:09.157303 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:39:33.697815 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:40:33.707870 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:41:33.717801 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
09:42:19.645919 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:42:20.684656 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:42:21.697278 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:42:22.697328 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:42:23.697292 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:42:24.697284 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:42:25.697290 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:42:26.697286 80.200.64.227 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:42:33.727861 80.200.64.227.1039 > 213.197.27.252.3740: udp 93 (DF)
Jeroen Massar on Saturday, 04 October 2003 01:24:55
The endpoint of your tunnel changed at 09:45:30, 3 minutes after the above tcpdump.
As you did a grep, there could be a lot of intermediate icmp errors and other errors which are not shown in the output you are now showing.
"tcpdump -Xns 1500 -i ppp0 host nlams01.sixxs.net or proto icmp"
would show more information. Not filtering might even reveal some other currently hidden diagnostics.
Next to that you are trying to route 3ffe:0bc0:034d:0001:0220:edff:fe51:a09a over your tunnel. Only the prefixes assigned to your tunnel will be routed.
Shadow Hawkins on Saturday, 04 October 2003 17:39:16
I did indeed change the tunnel endpoint (by restarting my adsl-connection) 3 minutes after the initial tcpdump, simply because that is currently the only way for me to get my tunnel back in working order.
But I don't really see the connection between changing the endpoint and my problems.
The routing of the other address was a remnant of my freenet6 tunnel. Should be solved now.
I have since run 2 tcpdumps without any grepping at all.
Warning, this has generated a lot of output.
Listing 1 below is with a background ping6 running. In it you can see that gw-150.ams-01.nl.sixxs.net successfully ping6's my endpoint starting at 10:31:11.204698.
Listing 2 below is without a background ping6 running but with the connection still present in my connection tracking table (typically for 600sec after my last ping6).
You will notice that there is *no* evidence of an attempt to ping6 my tunnel endpoint by gw-150.ams-01.nl.sixxs.net, which should have been there around 9:31. Shortly thereafter the tunnel was apparently closed by nlams01.sixxs.net, because subsequent ping6's from my tunnel endpoint to the tunnelbroker fail.
The lack of this ping6 cannot be caused by my firewall rules, for they are set to accept everything to/from the tunnelbroker IPv4 address and a tcpdump intervenes in the TCP/IP stack before any firewall rules are active.
I do not understand why these ping6's are not there.
Somebody please enlighten me.
:?
Listing1:
--------
10:30:29.384513 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:29.417941 80.200.77.248.1040 > 213.197.27.252.3740: udp 93 (DF)
10:30:30.367328 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:30.395362 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:31.377300 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:31.405333 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:32.387319 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:32.415686 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:33.397296 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:33.422802 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:34.407305 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:34.433022 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:35.417335 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:35.443870 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:36.427296 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:36.454218 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:37.437297 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:37.464438 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:38.447298 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:38.474906 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:39.457306 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:39.485506 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:40.467317 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:40.496228 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:41.477303 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:41.502979 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:42.487298 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:42.513319 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:43.497325 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:43.523915 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:44.507302 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:44.534018 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:45.517318 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:45.544368 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:46.527297 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:46.554839 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:47.537296 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:47.565698 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:48.547305 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:48.576029 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:49.557304 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:49.583046 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:50.567320 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:50.593125 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:51.577296 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:51.604721 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:51.758769 193.191.137.140.500 > 80.200.77.248.500: isakmp: phase 1 I ident: [|sa] (DF)
10:30:51.759113 80.200.77.248 > 193.191.137.140: icmp: 80.200.77.248 udp port 500 unreachable [tos 0xc0]
10:30:52.587315 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:52.614933 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:53.597298 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:53.625035 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:54.607305 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:54.635133 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:55.232582 10.1.0.26.38592 > 172.24.198.75.ssh: . ack 1 win 32832 <nop,nop,timestamp 39412614 276586254> (DF) [tos 0x10]
10:30:55.617312 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:55.645609 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:56.627297 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:56.655833 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:57.637299 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:57.662459 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:58.647298 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:58.673795 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:30:59.657306 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:30:59.683897 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:00.667312 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:00.694247 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:01.677304 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:01.704350 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:02.687300 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:02.714954 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:03.697307 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:03.725416 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:04.707326 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:04.736132 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:05.717319 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:05.743130 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:06.727298 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:06.753107 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:07.737299 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:07.763703 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:08.747299 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:08.774295 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:09.757303 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:09.784392 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:10.767319 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:10.795117 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:11.204698 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:11.204990 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:11.777306 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:11.805584 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:12.787306 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:12.816307 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:13.797294 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:13.826033 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:14.245177 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:14.245464 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:14.807306 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:14.833155 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:15.817317 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:15.843627 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:16.827318 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:16.854228 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:17.315432 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:17.315719 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:17.837309 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:17.864573 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:18.847295 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:18.874549 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:19.857325 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:19.885025 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:20.385578 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:20.385874 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:20.867309 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:20.895866 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:21.877297 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:21.903229 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:22.887298 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:22.912835 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:23.446014 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:23.446309 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:23.897308 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:23.923556 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:24.907301 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:24.934027 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:25.917316 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:25.944623 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:26.506358 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:26.506645 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:26.927312 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:26.954855 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:27.937300 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:27.965326 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:28.947318 80.200.77.248 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
10:31:28.975555 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
10:31:29.427810 80.200.77.248.1040 > 213.197.27.252.3740: udp 93 (DF)
10:31:29.566692 213.197.27.252 > 80.200.77.248: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
1
Listing2:
--------
09:27:47.517317 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:27:47.544970 213.197.27.252 > 80.201.19.101: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
09:27:47.997836 80.201.19.101.1040 > 213.197.27.252.3740: udp 93 (DF)
09:27:48.527316 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:27:48.554949 213.197.27.252 > 80.201.19.101: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
09:27:49.537330 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:27:49.565416 213.197.27.252 > 80.201.19.101: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
09:27:50.547283 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:27:50.575888 213.197.27.252 > 80.201.19.101: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
09:27:51.557303 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:27:51.586109 213.197.27.252 > 80.201.19.101: gw-150.ams-01.nl.sixxs.net > cl-150.ams-01.nl.sixxs.net: icmp6: echo reply (DF)
09:27:52.567309 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:29:48.017837 80.201.19.101.1040 > 213.197.27.252.3740: udp 93 (DF)
09:30:48.027952 80.201.19.101.1040 > 213.197.27.252.3740: udp 93 (DF)
09:31:48.037815 80.201.19.101.1040 > 213.197.27.252.3740: udp 93 (DF)
09:32:48.047821 80.201.19.101.1040 > 213.197.27.252.3740: udp 93 (DF)
09:33:48.057844 80.201.19.101.1040 > 213.197.27.252.3740: udp 93 (DF)
09:33:48.989369 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:33:50.007288 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:33:51.007301 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:33:52.007301 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:33:53.007289 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:33:54.007310 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:33:55.007291 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:33:56.007290 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:33:57.007293 80.201.19.101 > 213.197.27.252: cl-150.ams-01.nl.sixxs.net > gw-150.ams-01.nl.sixxs.net: icmp6: echo request (DF)
09:33:58.097202 80.201.19.101.38425 > 205.188.12.24.5190: P 114:120(6) ack 1 win 17425 (DF)
09:33:58.392036 205.188.12.24.5190 > 80.201.19.101.38425: . ack 120 win 16384 (DF)
Jeroen Massar on Sunday, 04 January 2004 01:37:51
There is also a net.ipv4.netfilter.ip_conntrack_generic_timeout setting; one might want to set that to an infinitely high number (or at least so high that one knows for certain that a packet will be crossing the tunnel).
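
Added example, not part of any post in this thread: a small shell check that pulls the protocol-41 (6in4) entries out of a conntrack table such as /proc/net/ip_conntrack and lists the ones whose remaining lifetime has dropped below a threshold, which is the expiry discussed above. The function names are hypothetical, and the sample table is constructed; it assumes the 2.4-era layout in which field 2 is the IP protocol number and field 3 the seconds left before the entry is dropped.

```shell
#!/bin/sh
# Added example: watch the conntrack lifetime of a 6in4 (IP protocol 41) tunnel.
# Assumption: table lines look like the 2.4-era /proc/net/ip_conntrack, i.e.
#   <proto-name> <proto-number> <seconds-left> [state] src=... dst=... ...

# Constructed sample table. Addresses are the ones quoted in the thread;
# the timer values are made up for the example.
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.100.10 dst=205.188.12.24 sport=38425 dport=5190 src=205.188.12.24 dst=80.200.64.227 sport=5190 dport=38425 [ASSURED] use=1
udp      17 25 src=80.200.64.227 dst=213.197.27.252 sport=1039 dport=3740 [UNREPLIED] src=213.197.27.252 dst=80.200.64.227 sport=3740 dport=1039 use=1
unknown  41 42 src=80.200.64.227 dst=213.197.27.252 src=213.197.27.252 dst=80.200.64.227 use=1
EOF
}

# tunnel_entries [FILE]
# Print "seconds_left src dst" for every protocol-41 entry.
# Reads FILE, or standard input when no file is given.
tunnel_entries() {
    awk '$2 == 41 {
        src = ""; dst = ""
        # Each entry carries two src=/dst= pairs (original and reply
        # direction); keep only the first pair, the original direction.
        for (i = 4; i <= NF; i++) {
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
        }
        print $3, src, dst
    }' "${1:--}"
}

# expiring_tunnels THRESHOLD [FILE]
# Print only the protocol-41 entries with fewer than THRESHOLD seconds left.
# A sensible THRESHOLD is the longest gap expected between tunnel packets:
# an entry that gets below it may vanish before the next packet refreshes it.
expiring_tunnels() {
    threshold=$1
    tunnel_entries "${2:--}" | awk -v t="$threshold" '($1 + 0) < (t + 0)'
}

# Demo on the constructed sample; on a live 2.4 box one would run
#   expiring_tunnels 60 /proc/net/ip_conntrack
sample_conntrack | expiring_tunnels 60
```

Comparing the reported seconds against net.ipv4.netfilter.ip_conntrack_generic_timeout shows how long ago the last tunnel packet refreshed the entry.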