What tool shows /proc/net/nf_conntrack

Kevin Fenzi kevin at scrye.com
Sat Aug 27 23:50:49 UTC 2011


On Sat, 27 Aug 2011 19:46:12 -0400
Sam Varshavchik <mrsam at courier-mta.com> wrote:

> I forwarded a port, using system-config-firewall.
> 
> The destination machine, not surprisingly, shows the IP address of
> the firewall as the source of the connection. The goal is obtaining
> the connection's real source IP. However, on the firewall the
> forwarded connection isn't reported anywhere by netstat or ss.

This is a DNAT forward? It should show the IP of whatever machine is
sending the request, not the firewall box in the middle.

> After poking around, I found what I was looking for in  
> /proc/net/nf_conntrack. The forwarded connection was listed there,
> showing the connection's real source IP.
> 
> But grepping through /proc/net/nf_conntrack seems to be rather
> quaint. Neither netstat's nor ss's man page hint at any option that
> would report on /proc/net/nf_conntrack in some user-friendly fashion.
> Is there some other admin utility that does?

conntrack-tools has a 'conntrack' command line tool. 

kevin
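
Added example, not part of the original thread: a small Python parser for the /proc/net/nf_conntrack line format that pairs each entry's original tuple with its reply tuple and reports the NATed flows with their real client address. The sample lines are constructed (documentation addresses); the function names are this example's own.

```python
import re

# Constructed sample entries in /proc/net/nf_conntrack format.
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=198.51.100.1 sport=51234 dport=8080 src=192.168.1.10 dst=203.0.113.7 sport=80 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 431875 ESTABLISHED src=203.0.113.9 dst=198.51.100.1 sport=40112 dport=8080 src=192.168.1.10 dst=192.168.1.1 sport=80 dport=40112 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=192.168.1.20 dst=192.168.1.1 sport=5353 dport=53 [UNREPLIED] src=192.168.1.1 dst=192.168.1.20 sport=53 dport=5353 mark=0 zone=0 use=2
"""

_KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_line(line):
    """Split one conntrack entry into its original and reply tuples."""
    fields = line.split()
    if len(fields) < 6:
        return None
    orig, reply = {}, {}
    for key, value in _KV.findall(line):
        # Each key appears twice: first for the original direction,
        # then for the reply the kernel expects to see.
        target = orig if key not in orig else reply
        target.setdefault(key, value)
    if "src" not in orig or "src" not in reply:
        return None
    state = fields[5] if "=" not in fields[5] and fields[5].isupper() else None
    return {"proto": fields[2], "state": state, "orig": orig, "reply": reply}

def nat_kind(entry):
    """A reply tuple that is not the mirror of the original means NAT."""
    o, r = entry["orig"], entry["reply"]
    dnat = r["src"] != o["dst"] or r.get("sport") != o.get("dport")
    snat = r["dst"] != o["src"] or r.get("dport") != o.get("sport")
    return "+".join(k for k, hit in (("DNAT", dnat), ("SNAT", snat)) if hit) or None

def forwarded(text):
    """Return (kind, real client IP, address dialed, backend) per NATed flow."""
    out = []
    for line in text.splitlines():
        e = parse_line(line)
        kind = e and nat_kind(e)
        if kind:
            o, r = e["orig"], e["reply"]
            out.append((kind, o["src"], f'{o["dst"]}:{o.get("dport")}',
                        f'{r["src"]}:{r.get("sport")}'))
    return out

if __name__ == "__main__":
    for row in forwarded(SAMPLE):
        print(*row)
```

On a live firewall, pass the contents of /proc/net/nf_conntrack (readable by root) to forwarded() instead of SAMPLE. The second sample entry is the case from the question: the reply destination is the firewall's own address, so the backend sees the firewall as the source while the original tuple still carries the client IP.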