Unable to read entries in ip_conntrack file!!

visham · #1 9th May 2007, 08:32 AM

Hi to all,

I'm trying to see the connections established on a firewall by looking at the contents of the file ip_conntrack by using this command:

Code:

cat /proc/net/ip_conntrack

The rules used on the firewall are:

Code:

iptables -P FORWARD DROP
iptables -A FORWARD -s 192.168.10.0/24 -d 192.168.10.0/24 -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

I have chosen all the modules related to connection tracking in my 2.6.20.4 kernel on the firewall machine. I'm using iptables 1.3.7 and Fedora Core 5.

What might be going wrong>

Warm regards,
Visham

ibbo · #2 9th May 2007, 03:10 PM

Permision denied error perhaps? Login as root and try again.

ibbo

visham · #3 11th May 2007, 11:58 AM

Hi to all,

I have built the iptables modules in my 2.6.20.4 kernel itself. Is that what might be causing the fact that I am unable to see the contents of the ip_conntrack file? Should I select the options as modules?

Warm regards,
Visham

w5set · #4 13th May 2007, 03:58 AM

http://forum.fedoraforum.org/forum/s...restarter+root
maybe ip_connrtrack is now nf_conntrack in newer kernels?

visham · #5 14th May 2007, 06:19 AM

To w5set: No the module ip_conntrack has changed to nf_conntrack now, but the /proc/net/ip_conntrack file hasnt changed. This is the file that contains the info regarding active connections.

It works when I compile the things needed for connection tracking as modules, and not in the kernel image directly..dont know why though!!

Many thx to all who have replied and tried to help...much appreciated.

Warm regards,
Visham