Connection tracking issues!! - Visham Ramsurrun

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Visham Ramsurrun <vishamr2000@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Connection tracking issues!!
Date: Wed, 18 May 2005 10:22:20 +0400	[thread overview]
Message-ID: <9927912d0505172322c98d013@mail.gmail.com> (raw)
In-Reply-To: <428a4b34.1deda931.20f0.6f9fSMTPIN_ADDED@mx.gmail.com>

Hi to all,

I read in the IPTables tutorial by Oskar Andreasson that the
connection tracking does not follow the flow of a TCP connection. If I
go with this, it means that after the SYN/ACK packet passes through
the stateful firewall, the connection is set to ESTABLISHED.

But it also says that it's only after the ACK packet has passed
through the stateful firewall that the connection is considered
ESTABLISHED. When SYN/ACK is received the flag is changed to SYN_RECV
and not ESTABLISHED.

Which one is good?

Also, I wanted to know if connection tracking still works for a TCP
connection where the SYN packet passes through stateful firewall FW1,
the SYN/ACK packet passes through stateful firewall FW2, the ACK
passes again through FW1 and the first data packet passes through FW2.
Is the connection considered as ESTABLISHED at that point on both
firewalls?

Any input will be very much appreciated..

Warm regards,
Visham

next      parent reply	other threads:[~2005-05-18  6:22 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <428a4b34.1deda931.20f0.6f9fSMTPIN_ADDED@mx.gmail.com>
2005-05-18  6:22 ` Visham Ramsurrun [this message]
2005-05-18 10:50   ` Connection tracking issues!! Mohamed Eldesoky
2005-05-18 15:23   ` Jason Opperisano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9927912d0505172322c98d013@mail.gmail.com \
    --to=vishamr2000@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.