On Thu, Feb 17, 2022 at 02:01:49PM +0900, Christian Balzer via Exim-users wrote > If found it excruciatingly hard to correlate tcpdump and nf_conntrack > flows,
These data can be related via timestamps, they may be enabled for conntrack output: conntrack -o timestamp,ktimestamp -E ... Note that timestamping for kernel module should be enabled via option net.netfilter.nf_conntrack_timestamp (read man conntrack for details). > but those ICMP6 destination unreachable packets are the result of > the local iptables rejecting a connection to port 43922 (the originating > outbound SMTP session from here), something it allowed for the first 2 > seconds just fine. > > The: > --- > -A INPUT -p icmpv6 -j ACCEPT > -A INPUT -i bond+ -m state --state ESTABLISHED,RELATED -j ACCEPT > --- No rejection rules here. Look for your iptables rules to find sources of rejection, then insert logging rules to debug. -- Eugene Berdnikov -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
