Eugene Crosser <crosser@xxxxxxxxxxx> wrote: > It would seem that you have an existing filter that drops packets and > prevents creation of conntrack entries? I can reproduce the behaviour on > freshly installed Debian and Ubuntu VMs without any modifications, with and > without `unshare`. FWIW, this was due to different default setting of rp_filter. Adding sysctl net.ipv4.conf.all.rp_filter=0 sysctl net.ipv4.conf.default.rp_filter=0 to start of script makes it work on my side too.
