Now my little bandwidth-monitor project for OpenWRT and Linux Routers is pretty complete.

It supports Adguard Home, Pi-hole and nextdns.io for the DNS tab. And has a Unifi integration to get the Wifi Status. (Might add Omada later)

Additionally I added a Speedtest capability and some Debugging Features.

Also you can see your #Conntrack #NAT status.

https://github.com/awlx/bandwidth-monitor

#Monitoring #OpenWRT #Bandwidth

GitHub - awlx/bandwidth-monitor: golang live bandwidth monitor for linux

GitHub
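🌘 So long, and thanks for all the fish: how to escape the Linux networking stack
➤ How Cloudflare used a custom service and the Netlink interface to overcome the limits of the Linux networking stack and make soft-unicast run efficiently.
https://blog.cloudflare.com/so-long-and-thanks-for-all-the-fish-how-to-escape-the-linux-networking-stack/
When developing new features, Cloudflare often needs to push past the limits of the Linux networking stack. The article details how they overcame the limitations of soft-unicast (a method of sharing IP addresses) in the Linux networking environment. Traditional iptables or Netfilter rules run into difficulties when handling large numbers of IP addresses and ports, especially because socket binding and packet rewriting conflict with each other. To solve this problem, Cloudflare developed something called "SLATFATF" (
#LinuxNetworking #Cloudflare #Soft-Unicast #NetworkingStack #iptables #conntrack #Netfilter #Netlink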
So long, and thanks for all the fish- how to escape the Linux networking stack

Many products at Cloudflare aren’t possible without pushing the limits of network hardware and software to deliver improved performance, increased efficiency, or novel capabilities such as soft-unicast, our method for sharing IP subnets across data centers. Happily, most people do not need to know the intricacies of how your operating system handles network and Internet access in general. Yes, even most people within Cloudflare. But sometimes we try to push well beyond the design intentions of Linux’s networking stack. This is a story about one of those attempts.

The Cloudflare Blog

2/2

⚙️ This is why we can configure a stateful #firewall with protocols that have no handshake.

⚙️ Obviously UDP is not blocked by default, and no, UDP has neither a handshake nor a connection in TCP/IP.

In short, the connections in #TCPIP protocols and the connections that #netfilter identifies with #conntrack are not the same.

I hope that makes sense! If you have any questions, leave me a comment 💬

Thanks to everyone for participating! 🤗

More info 👇

🔗 https://juncotic.com/firewall-stateful-vs-stateless-diferencias-y-aplicaciones/

#cybersecurity #linux #nftables #iptables #firewall

Stateful vs. Stateless Firewall: differences and applications - Junco TIC

Do you know the difference between a stateful firewall and a stateless one? Today we will look at their characteristics and some recommendations on their use.

Junco TIC

1/2

Hello community!👋

Feedback on last week's poll!

🟢 A reply packet is a connection for conntrack

At the #TCPIP level, #UDP is a connectionless transport protocol, but at the #netfilter level, a reply packet is considered part of an established connection.

That is why we can track #icmp or #ip "connections", which are also protocols without a handshake.

In fact, the #tcp "syn-ack" already counts as a connection for #conntrack, even though it is not (yet) a TCP connection 😜

🧵

Today in "how did my life decisions lead me here?", diagnosing hanging TCP connections from a NATed container through another layer of NAT on my router up to the internet. With two different kernels and three network stacks involved (calico, the bare linux stack, and FreeBSD/OPNSense).

Of course the issue is pretty random (though it seems to always end up happening), and I can only really narrow it down to an IP range where I have some MBps of sustained traffic all through the chain, making packet captures... On the large side.

This all feels pretty manual. Any tool recommendations to
- dump conntrack states in an exploitable format?
- match tcpdump traces with recorded conntrack states?
- align and compare tcpdump traces at multiple points in a chain?
- analyze issues in tcp sessions that I've captured?

So far I've used #conntrack #wireshark #tcpdump, but still haven't managed to nail it.

#Linux #Opnsense #sysadmin

Proxy+firewall. Part three: connection tracking and masquerading https://peertube.su/videos/watch/394f6a1d-776f-4ab1-8532-8d96f1deaead

PeerTube