[Debian] CONFIG_NF_CONNTRACK_IPV6

maximilian attems max at stro.at
Sun Dec 12 12:44:13 EST 2010


On Sun, 12 Dec 2010, Cédric Schieli wrote:

> 2010/12/12 maximilian attems <max at stro.at>:
> > On Sat, 11 Dec 2010, Cédric Schieli wrote:
> >
> >> Hello,
> >>
> >> What is the current status of NF_CONNTRACK_IPV6 in OpenVZ ?
> >> According to this post
> >> (http://openvz.org/pipermail/debian/2010-March/000647.html) some
> >> iptables fixes were still needed.
> >> I rebuilt current Squeeze OpenVZ kernel (2.6.32-28) with
> >> CONFIG_NF_CONNTRACK_IPV6 turned on and it seems to work like a charm.
> >> (I'm using shorewall6 inside and outside VEs)
> >> If nothing is blocking it anymore, could it be turned on in a future
> >> kernel release ?
> >
> > I am happy to turn it on, if it's working, will do so for next upload.
> >
> > thanks for your testing.
> >
> 
> After some more testing, it turns out to not work that well in VEs,
> while all is ok in VE0.
> Connections (to VE) are correctly marked as ESTABLISHED and ASSURED in
> /proc/net/nf_conntrack, but RELATED packets are not matched as such by
> VE's iptables rules. But it seems not ipv6 related as I get the same
> behaviour with ipv4 iptables rules. Is it supposed to work in the ipv4
> case ?

please do a proper bugreport with the details.
>From aboves it is a bit hard to try to reproduce what you are trying to do.
Use bugzilla.openvz.org

-- 
maks



More information about the Debian mailing list