This command changes 1 to 0, but after sometime this value reverts to 1. I search for solution to turn it off without auto re-enabling. If this enabled, I get this message in dmesg:
nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
2. Also I get one more strange message in dmesg:
ath: phy0: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x42100020 DMADBG_7=0x000286c1
What could be the reason for this message to appear and how to solve it? During this message I am experiencing connection issues.
I am using TP-Link WR1043ND v1 and build 3.10.108-dd #49299
Probably these issues are not directly related to DD-WRT, but Linux system services and ath9k driver, however there is some DD-WRT specifics I assume:
echo 0 > /proc/sys/net/netfilter/nf_conntrack_helper
This solution for disabling deprecated nf_conntrack_helper I found on Internet several times, but on DD-WRT something re-enables it.
As for ath9k DMA failed message - maybe someone struggled with this issue and has positive experience. The only thing I found - disable "Active Noise Immunity" - but this didn't help.
Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Posted: Tue Sep 14, 2021 14:57 Post subject:
jester322 wrote:
I am using TP-Link WR1043ND v1 and build 3.10.108-dd #49299
Probably these issues are not directly related to DD-WRT, but Linux system services and ath9k driver, however there is some DD-WRT specifics I assume:
echo 0 > /proc/sys/net/netfilter/nf_conntrack_helper
This solution for disabling deprecated nf_conntrack_helper I found on Internet several times, but on DD-WRT something re-enables it.
As for ath9k DMA failed message - maybe someone struggled with this issue and has positive experience. The only thing I found - disable "Active Noise Immunity" - but this didn't help.
The build number is more useful in this respect.
Recent builds have an Administration/Sysctl page take a look if this settings is available there.
If you can set it there it will stay.
If it is not available there set that rule in Administration/Commands and save as Firewall.
If the firewall restarts that rule will be applied again.
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Tue Sep 14, 2021 15:05 Post subject:
log in via Telnet/SSh
nvram show | grep nf_conntrack --- to find it as a value
than issue those commands:
nvram set nf_conntrack_helper=0
nvram commit
as the others said its a normal to have it in the syslog..so, nothing to be worried about, unless you have a very specific reason...bear in mind its a part of the netfilter functinality _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Tue Sep 14, 2021 15:15; edited 2 times in total
Doing that can break netfilter. That message is about netfilter kernel modules that are loaded on boot. It's like disabling the firewall on an edgerouter. _________________ An old man said, “Erasers are made for those who make mistakes.” A youth replied, “Erasers are made for those who are willing to correct their mistakes!” Attitude matters! ~ Anonymous
----------
“You are always a student, never a master. You have to keep moving forward.” ~ Conrad Hall
----------
“Life is about moving on, accepting changes and looking forward to what makes you stronger and more complete.” ~ Anonymous
Thank you for responses. I searched for nf_conntrack* variables in nvram and there is none of them present. I supposed these nf_conntrack_helpers are primarily done for very specific protocols such as SIP, H.323 etc.
Assumption was if they use router resources which may lead to dmesg messages and probably connection issues, I thought to disable them. From your replies I understand that these helpers are needed to have firewall functionality, and most probably they have no performance impact.
It's a Linux 3.x-specific warning that informs you of an upcoming change; it's a benign log message. No need to freak out about it. _________________ An old man said, “Erasers are made for those who make mistakes.” A youth replied, “Erasers are made for those who are willing to correct their mistakes!” Attitude matters! ~ Anonymous
----------
“You are always a student, never a master. You have to keep moving forward.” ~ Conrad Hall
----------
“Life is about moving on, accepting changes and looking forward to what makes you stronger and more complete.” ~ Anonymous
<6>[ 1928.070000] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
I can assure you guys it ain't nothing to worry with.
AND
I don't see it on the EA8500...but that fat girl uses the k4.9