You are not logged in.

#1 2022-09-09 08:32:10

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,933
Website

[SOLVED] sysctl net.netfilter.nf_conntrack_helper not set on boot

So, I want to enable net.netfilter.nf_conntrack_helper = 1 via sysctl:
I have configured:

$ grep -r . /etc/sysctl.d
/etc/sysctl.d/99-conntrack.conf:net.netfilter.nf_conntrack_helper = 1
/etc/sysctl.d/30-ipforward.conf:net.ipv4.ip_forward = 1
/etc/sysctl.d/30-ipforward.conf:net.ipv6.conf.default.forwarding = 1
/etc/sysctl.d/30-ipforward.conf:net.ipv6.conf.all.forwarding = 1

After a reboot:

 $ sysctl net.netfilter.nf_conntrack_helper
net.netfilter.nf_conntrack_helper = 0
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
$ sysctl net.ipv6.conf.default.forwarding
net.ipv6.conf.default.forwarding = 1
$ sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 1
$ 

Why is it not set automatically?
I can set it manually, but I'd prefer it to be set on each boot automatically.

$ sysctl net.netfilter.nf_conntrack_helper=1
net.netfilter.nf_conntrack_helper = 1
$ sysctl net.netfilter.nf_conntrack_helper 
net.netfilter.nf_conntrack_helper = 1

PS: I found:

$ journalctl -b | grep conntrack
Sep 09 10:18:11 cshsrv systemd-sysctl[1393]: Couldn't write '1' to 'net/netfilter/nf_conntrack_helper', ignoring: No such file or directory
Sep 09 10:18:28 cshsrv dnsmasq[1673]: Optionen bei Übersetzung: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile

What's going on there?

Solution
Ugh, I forgot to explicitly load the respective module.
Creating /etc/modules-load.d/nf-conntrack.conf containing

nf_conntrack_ftp

Solved the issue.

Last edited by schard (2022-09-09 08:38:58)

Offline

#2 2022-09-14 01:58:39

ectospasm
Member
Registered: 2015-08-28
Posts: 273

Re: [SOLVED] sysctl net.netfilter.nf_conntrack_helper not set on boot

schard wrote:

Solution
Ugh, I forgot to explicitly load the respective module.
Creating /etc/modules-load.d/nf-conntrack.conf containing

nf_conntrack_ftp

Solved the issue.

That would do it!  I usually put the solution/tl;dr at the top of the original post, so readers don't have to slog through everything to see what fixed it.

Last edited by ectospasm (2022-09-14 02:02:16)

Offline

Board footer

Powered by FluxBB