* Connection tracking issues!!
       [not found] <428a4b34.1deda931.20f0.6f9fSMTPIN_ADDED@mx.gmail.com>
@ 2005-05-18  6:22 ` Visham Ramsurrun
  2005-05-18 10:50   ` Mohamed Eldesoky
  2005-05-18 15:23   ` Jason Opperisano
  0 siblings, 2 replies; 3+ messages in thread
From: Visham Ramsurrun @ 2005-05-18  6:22 UTC (permalink / raw)
  To: netfilter

Hi to all,

I read in the IPTables tutorial by Oskar Andreasson that the
connection tracking does not follow the flow of a TCP connection. If I
go with this, it means that after the SYN/ACK packet passes through
the stateful firewall, the connection is set to ESTABLISHED.

But it also says that it's only after the ACK packet has passed
through the stateful firewall that the connection is considered
ESTABLISHED. When SYN/ACK is received the flag is changed to SYN_RECV
and not ESTABLISHED.

Which one is good?

Also, I wanted to know if connection tracking still works for a TCP
connection where the SYN packet passes through stateful firewall FW1,
the SYN/ACK packet passes through stateful firewall FW2, the ACK
passes again through FW1 and the first data packet passes through FW2.
Is the connection considered as ESTABLISHED at that point on both
firewalls?

Any input will be very much appreciated..

Warm regards,
Visham



* Re: Connection tracking issues!!
  2005-05-18  6:22 ` Connection tracking issues!! Visham Ramsurrun
@ 2005-05-18 10:50   ` Mohamed Eldesoky
  2005-05-18 15:23   ` Jason Opperisano
  1 sibling, 0 replies; 3+ messages in thread
From: Mohamed Eldesoky @ 2005-05-18 10:50 UTC (permalink / raw)
  To: Visham Ramsurrun; +Cc: netfilter

On 5/18/05, Visham Ramsurrun <vishamr2000@gmail.com> wrote:
> Hi to all,

> Also, I wanted to know if connection tracking still works for a TCP
> connection where the SYN packet passes through stateful firewall FW1,
> the SYN/ACK packet passes through stateful firewall FW2, the ACK
> passes again through FW1 and the first data packet passes through FW2.
> Is the connection considered as ESTABLISHED at that point on both
> firewalls?
> 

Curious to know that topology.

> Any input will be very much appreciated..
> 
> Warm regards,
> Visham
> 
> 


-- 
Mohamed Eldesoky
www.eldesoky.net
RHCE



* Re: Connection tracking issues!!
  2005-05-18  6:22 ` Connection tracking issues!! Visham Ramsurrun
  2005-05-18 10:50   ` Mohamed Eldesoky
@ 2005-05-18 15:23   ` Jason Opperisano
  1 sibling, 0 replies; 3+ messages in thread
From: Jason Opperisano @ 2005-05-18 15:23 UTC (permalink / raw)
  To: netfilter

On Wed, May 18, 2005 at 10:22:20AM +0400, Visham Ramsurrun wrote:
> Also, I wanted to know if connection tracking still works for a TCP
> connection where the SYN packet passes through stateful firewall FW1,
> the SYN/ACK packet passes through stateful firewall FW2, the ACK
> passes again through FW1 and the first data packet passes through FW2.
> Is the connection considered as ESTABLISHED at that point on both
> firewalls?

absolutely not.

-j

--
"Bailiff: Do you swear to tell the truth, the whole truth, and nothing
 but the truth? 
 Peter: I do... ya bastard."
        --Family Guy
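
The asymmetric path from the question, replayed against a simplified model of per-firewall TCP connection tracking. This is an added example, not part of the thread and not netfilter code; the endpoint names, the `Firewall` class, `run()` and the direction of the first data packet (client to server) are assumptions.

```python
# Simplified model (assumption): each firewall keeps its own table and only
# learns from the packets it forwards itself. Not the kernel's state machine.

class Firewall:
    def __init__(self, name, loose=False):
        # loose=True models mid-stream pickup (cf. nf_conntrack_tcp_loose=1)
        self.name, self.loose, self.table = name, loose, {}

    def see(self, src, dst, flags):
        """Return the user-land state this firewall assigns to the packet."""
        key = frozenset((src, dst))
        entry = self.table.get(key)
        if entry is None:
            if flags == {"SYN"}:
                self.table[key] = {"orig": src, "tcp": "SYN_SENT", "replied": False}
                return "NEW"
            if self.loose and flags == {"ACK"}:  # picked up without a handshake
                self.table[key] = {"orig": src, "tcp": "ESTABLISHED", "replied": False}
                return "NEW"
            return "INVALID"  # e.g. SYN/ACK for a SYN this firewall never saw
        is_reply = src != entry["orig"]
        if entry["tcp"] == "SYN_SENT":
            if is_reply and flags == {"SYN", "ACK"}:
                entry["tcp"], entry["replied"] = "SYN_RECV", True
                return "ESTABLISHED"  # reply seen: ESTABLISHED for rule matching
            if not is_reply and flags == {"SYN"}:
                return "NEW"  # retransmitted SYN
            return "INVALID"  # ACK although no SYN/ACK passed through here
        if entry["tcp"] == "SYN_RECV" and not is_reply and flags == {"ACK"}:
            entry["tcp"] = "ESTABLISHED"  # internal TCP state completes here
        entry["replied"] = entry["replied"] or is_reply
        return "ESTABLISHED" if entry["replied"] else "NEW"

C, S = "client:40000", "server:80"  # constructed endpoints
# SYN, SYN/ACK, ACK, first data segment (modelled as a plain ACK)
PACKETS = [(C, S, {"SYN"}), (S, C, {"SYN", "ACK"}), (C, S, {"ACK"}), (C, S, {"ACK"})]

def run(path, loose=False):
    """path[i] names the firewall that forwards PACKETS[i]."""
    fws = {name: Firewall(name, loose) for name in set(path)}
    return [(name, fws[name].see(*pkt)) for name, pkt in zip(path, PACKETS)]

if __name__ == "__main__":
    print("symmetric :", run(["FW1"] * 4))
    print("asymmetric:", run(["FW1", "FW2", "FW1", "FW2"]))
    print("asym/loose:", run(["FW1", "FW2", "FW1", "FW2"], loose=True))
```

In the asymmetric runs neither firewall ever returns ESTABLISHED, because no single table sees both the SYN and its SYN/ACK.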

