> ip_conntrack
Posted by prox, from Charlotte, on May 30, 2005 at 15:46 local (server) time

Check this out.

Linksys box running OpenWRT, no iptables rules (default to ACCEPT), I'll ping through it:

PING laplace.prolixium.com (10.3.4.5) 56(84) bytes of data.
64 bytes from laplace.prolixium.com (10.3.4.5): icmp_seq=1 ttl=63 time=1.39 ms
64 bytes from laplace.prolixium.com (10.3.4.5): icmp_seq=2 ttl=63 time=1.53 ms

Now, I execute the following:

# iptables -A FORWARD -m state --state NEW -j LOG

And get this:

PING laplace.prolixium.com (10.3.4.5) 56(84) bytes of data.
64 bytes from laplace.prolixium.com (10.3.4.5): icmp_seq=1 ttl=63 time=15.0 ms
64 bytes from laplace.prolixium.com (10.3.4.5): icmp_seq=2 ttl=63 time=15.0 ms

ip_conntrack needs a rewrite.  Now I realize why IPv6 conntrack isn't out yet.  Lessie, 4x the bits ... mmm latency.
