also sprach Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> [2008.04.04.1819 +0200]: >> Note, however, that the 2.6.18 kernel modules exist and everything >> can be set up without errors, it then just doesn't work. > > This is getting confused. Didn't you wrote "I can confirm that nf_* > modules are not present in Debian's 2.6.18" ? No, nf_* are not, but ip_conntrack_* are and there is no error when I load a -m state rule with ip6tables. > But you reply him that "this is still the case with 2.6.24." > So what exactly is wrong with IPv6 conntrack in 2.6.24 ? > > On which pre-2.6.24 versions - besides Debian's 2.6.18 image which > has IPv6 conntrack support disable at build time, this is not > a bug but a feature - do you see an IPv6 conntrack bug such as > the "don't seem to register OUTGOING packets in the connection > table" bug you described ? Yes, http://marc.info/?l=netfilter&m=120717177831833&w=2 Other than that, this thread was to find out whether work has been done on IPv6 conntrack since 2.6.18. And apparently in 2.6.22, it's not fixed: http://marc.info/?l=netfilter&m=120721692500732&w=2 or is this just a Debian issue? CONFIG_NF_CONNTRACK_IPV6=m is set in 2.6.22. > AFAIK, the only improvement in the area of this thread is that an error > "can't load conntrack support for proto=10" is triggered when you try to > use the 'state' match in ip6tables if the kernel is built with > ip_conntrack, thus lacks IPv6 conntrack support. Good. It *does* work on 2.6.24, so I guess we can close this thread. -- martin | http://madduck.net/ | http://two.sentenc.es/ "when a woman marries again it is because she detested her first husband. when a man marries again it is because he adored his first wife. women try their luck; men risk theirs." -- oscar wilde spamtraps: madduck.bogus@xxxxxxxxxxx
Attachment:
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
