Hi Florian, please is it a bug the rules did not work in the raw table or was it my configuration error? If it is a bug is it a bug of kernel or userspace? If it was my configuration error, should not be the rules moved to the filter table? How is it possible that using iptables-nft the rules are added to the raw table and it is working? Thanks Marek 2020-06-21 12:45 GMT+02:00, Florian Westphal <fw@xxxxxxxxx>: > Marek Greško <mgresko8@xxxxxxxxx> wrote: >> Hello, >> >> unfortunately the helper is not there: >> >> conntrack -L | grep sip -> no output >> >> It is strange, that if I use iptables-nft it is working. Some userspace >> problem? > > No, looks more like a kernel bug to me, I will have a look on > Monday. > > In mean time, you can work around this bug by removing the entire "ip > raw" / "ct set" stuff. > > and then use: > sysctl net.netfilter.nf_conntrack_helper=1 > > to re-enable the old auto-assign behaviour. >
