Marco d'Itri wrote:
> When I try to start conntrackd (0.9.6 and 0.9.7, from the Debian
> packages), it dies with this message:
>
> Error parsing config file: line (58), symbol 'CacheWriteThrough': syntax error
>
> What's wrong?
>
> I have a pair of firewalls running quagga and OSPF announcing the
> network behind them to my network core and keepalived managing a
> virtual gateway on it, so I need an active-active setup because
> traffic can enter the protected network from any of the firewalls.

Sorry, this setup is no longer supported. At least until we find a sane
way to do it. See http://conntrack-tools.netfilter.org/manual.html.

Also see: http://marc.info/?l=netfilter&m=122164806109759&w=2

Anyway, about your problem:

> This is my configuration file:
[...]
>
> # Replicate ESTABLISHED TIME_WAIT for TCP
> Replicate ESTABLISHED TIME_WAIT

Missing "for TCP" confuses the parsing?

> # If you have a multiprimary setup (active-active) without connection
> # persistency, ie. you can't know which firewall handles a packet
> # that is part of a connection, then you need direct commit of
> # conntrack entries to the kernel conntrack table. OSPF setups must
> # set on this option. Default is Off.
> #
> CacheWriteThrough On
> }

--
"Honest people are social misfits" -- Les Luthiers