On Sun, Feb 12, 2017 at 01:30:52PM +0100, Michael Weiser wrote:
[...]
> What's bugging me is that I still don't see an expectation being
> created with conntrack -L expect.

It's very unlikely to see FTP expectations via conntrack -L since they
are created and destroyed very quickly if you are testing with an FTP
client.

You can probably watch it there by manually creating a connection via
netcat, and talk FTP, e.g.

$ nc ftp.netfilter.org 21
220 ProFTPD 1.3.5 Server (netfilter/iptables FTP site) [::ffff:150.214.142.16 ]
USER anonymous
331 Anonymous login ok, send your complete email address as your password
PASS nothing
PASV

# conntrack -L expect
299 proto=6 src=192.168.2.195 dst=150.214.142.167 sport=0 dport=49926 mask-src=255.255.255.255 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=192.168.2.195 master-dst=150.214.142.167 sport=46532 dport=21 class=0 helper=ftp
conntrack v1.4.4 (conntrack-tools): 1 expectations have been shown.

So `conntrack -E expect' is likely a better option for the debugging
purposes you need.
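
Added example, not part of the original message or of conntrack-tools: a small Python parser for the expectation line shown above, which has to cope with sport=/dport= appearing three times (expected tuple, mask, master connection). It assumes the leading number is the remaining timeout and that event-mode lines may carry a bracketed tag such as [NEW]; parse_expect and describe are hypothetical names.

```python
import re

# The expectation line from the message above, copied verbatim.
SAMPLE = ("299 proto=6 src=192.168.2.195 dst=150.214.142.167 sport=0 dport=49926 "
          "mask-src=255.255.255.255 mask-dst=255.255.255.255 sport=0 dport=65535 "
          "master-src=192.168.2.195 master-dst=150.214.142.167 sport=46532 dport=21 "
          "class=0 helper=ftp")
TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_expect(line):
    """Split one expectation line into expect / mask / master tuples."""
    out = {"event": None, "timeout": None, "expect": {}, "mask": {}, "master": {}}
    section = "expect"
    for tok in line.split():
        tag = re.fullmatch(r"\[(\w+)\]", tok)
        if tag:                          # assumed event-mode prefix, e.g. [NEW]
            out["event"] = tag.group(1)
        elif tok.isdigit() and out["timeout"] is None:
            out["timeout"] = int(tok)    # leading number, read here as the timeout
        elif "=" in tok:
            key, val = tok.split("=", 1)
            for prefix in ("mask", "master"):
                if key.startswith(prefix + "-"):
                    section, key = prefix, key[len(prefix) + 1:]
            if key in TUPLE_KEYS:
                # A bare sport=/dport= belongs to the section opened by the
                # most recent src= / mask-src= / master-src= token.
                out[section][key] = int(val) if key.endswith("port") else val
            else:
                out[key] = val           # proto, class, helper
    # Lines without proto= (such as the trailing summary line) are not expectations.
    return out if "proto" in out else None


def describe(exp):
    """Render the expectation readably; a zero port mask means 'any port'."""
    e, m, master = exp["expect"], exp["mask"], exp["master"]
    sport = "any" if m.get("sport") == 0 else e["sport"]
    return "%s: expecting %s:%s -> %s:%s, from control connection %s:%s -> %s:%s" % (
        exp.get("helper"), e["src"], sport, e["dst"], e["dport"],
        master["src"], master["sport"], master["dst"], master["dport"])


if __name__ == "__main__":
    print(describe(parse_expect(SAMPLE)))
```
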