Marek Greško <mgresko8@xxxxxxxxx> wrote: > Hello, > > unfortunately the helper is not there: > > conntrack -L | grep sip -> no output > > It is strange, that if I use iptables-nft it is working. Some userspace problem? No, looks more like a kernel bug to me, I will have a look on Monday. In mean time, you can work around this bug by removing the entire "ip raw" / "ct set" stuff. and then use: sysctl net.netfilter.nf_conntrack_helper=1 to re-enable the old auto-assign behaviour.
