conntrackd setup – sync states across nodes

install | setup | routing states

tested on Debian 12

warning // lessons learned

it's better to use a stock Debian kernel for this one. you may run into issues with custom kernels (not sure the official docs list every required module).

requirements

    grep CONNTRACK /boot/config-`uname -r`

    mv -i /etc/sysctl.conf /etc/sysctl.conf.dist
    vi /etc/sysctl.conf

none of these are required as of kernel 6.1

    # state tracker legacy tweaks
    #net.netfilter.nf_conntrack_tcp_be_liberal = 0
    #net.netfilter.nf_conntrack_tcp_loose = 0
    #net.netfilter.nf_conntrack_helper = 0

    #sysctl -p
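the grep above only lists what is there; the script below (an added example, not part of this guide) checks the kernel config for the conntrack options conntrackd depends on and returns the number that are missing, so it can run from a provisioning script on both nodes. the option names are taken from the kernel's netfilter Kconfig and the list is my assumption of what is needed; extend it for your release.

```shell
#!/bin/sh
# Added example (not from the guide): verify the kernel config provides the
# netfilter/conntrack pieces conntrackd needs. Pass a config file path, or
# the running kernel's /boot/config-<release> is used.
# Option list is an assumption based on the netfilter Kconfig names:
#   NF_CONNTRACK        the state tracker itself
#   NF_CONNTRACK_EVENTS state change events (what conntrackd subscribes to)
#   NETFILTER_NETLINK   netlink transport for netfilter subsystems
#   NF_CT_NETLINK       nf_conntrack_netlink, ctnetlink interface
check_conntrack_config() {
    cfg="${1:-/boot/config-$(uname -r)}"
    missing=0
    for opt in CONFIG_NF_CONNTRACK CONFIG_NF_CONNTRACK_EVENTS \
               CONFIG_NETFILTER_NETLINK CONFIG_NF_CT_NETLINK; do
        # built-in (=y) or module (=m) both count as present
        if grep -Eq "^${opt}=[ym]$" "$cfg" 2>/dev/null; then
            echo "ok      $opt"
        else
            echo "MISSING $opt"
            missing=$((missing + 1))
        fi
    done
    # exit status = number of missing options, 0 means all present
    return "$missing"
}

# run against the current kernel (or a given config) only when asked:
#   sh check-conntrack.sh run
#   sh check-conntrack.sh run /boot/config-6.1.0-18-amd64
if [ "${1:-}" = "run" ]; then
    check_conntrack_config "${2:-}"
fi
```

a non-zero exit means at least one option is absent, which is the situation the warning above describes with custom kernels; a module (=m) still has to be loaded, so check `lsmod | grep nf_conntrack` after starting the daemon.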

install

see install

setup

    cd /etc/
    mv -i nftables.conf nftables.conf.dist
    chmod -x nftables.conf.dist

    cd /etc/conntrackd/
    mv -i conntrackd.conf conntrackd.conf.dist
    grep -vE '^[[:space:]]*#|^$' conntrackd.conf.dist > conntrackd.conf.clean
    grep -vE '^[[:space:]]*#|^$' conntrackd.conf.dist > conntrackd.conf

see routing states
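for reference, here is the shape of a two-node conntrackd.conf in FTFW sync mode, the reliable mode the conntrack-tools manual recommends for active-backup pairs. this is an added example, not this guide's own config nor the file shipped by Debian: the interface name, the dedicated-link, internal and external addresses and the multicast group are placeholders to replace with each node's values (they differ per node), and the rest follows the directive names from conntrackd.conf(5).

```conf
# Added example conntrackd.conf (FTFW, multicast). Placeholders:
#   eth2             dedicated sync link between the two firewalls
#   192.168.100.100  this node's address on that link
#   192.168.0.100    this node's internal address
#   192.168.1.100    this node's external address
Sync {
    Mode FTFW {
        # keep the external cache: states from the peer are only committed
        # to the kernel on failover (conntrackd -c), not as they arrive
        DisableExternalCache Off
        CommitTimeout 1800
        PurgeTimeout 5
    }
    Multicast {
        IPv4_address 225.0.0.50
        Group 3780
        IPv4_interface 192.168.100.100
        Interface eth2
        SndSocketBuffer 1249280
        RcvSocketBuffer 1249280
        Checksum on
    }
}

General {
    Systemd on
    HashSize 32768
    HashLimit 131072
    # LogFile on writes /var/log/conntrackd.log, the file tailed below
    LogFile on
    LockFile /var/lock/conntrack.lock
    UNIX {
        Path /var/run/conntrackd.ctl
    }
    NetlinkBufferSize 2097152
    NetlinkBufferSizeMaxGrowth 8388608
    Filter From Userspace {
        Protocol Accept {
            TCP
            UDP
            ICMP
            IPv6-ICMP
        }
        # flows terminated on this node itself must not be replicated:
        # they make no sense on the peer after failover
        Address Ignore {
            IPv4_address 127.0.0.1
            IPv4_address 192.168.100.100
            IPv4_address 192.168.0.100
            IPv4_address 192.168.1.100
        }
    }
}
```

two things to check once both nodes run: the sync link should carry only the two peers (it is unauthenticated, so keep it on a dedicated segment or a VLAN the rest of the network cannot reach), and every address the node terminates traffic on must be in `Address Ignore`, otherwise the peer's external cache fills with the node's own flows.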

ready to go

    tail -F /var/log/conntrackd.log

debian

    systemctl restart nftables
    systemctl restart conntrackd

    systemctl status nftables # enabled
    systemctl status conntrackd # enabled

slackware

    vi /etc/rc.d/rc.inet1

    echo netfilter and states tracker
    nft -f /etc/nftables.conf && /usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d

resources

https://conntrack-tools.netfilter.org/manual.html

https://conntrack-tools.netfilter.org/testcase.html

Copyright © 2024 Pierre-Philipp Braun