FTP and connection tracking

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Hans Jorgensen" <jorgensenhans@hotmail.com>
To: netfilter-devel@lists.netfilter.org
Subject: FTP and connection tracking
Date: Fri, 13 Dec 2002 15:16:10 +0100	[thread overview]
Message-ID: <F445ldfZWjSeKg1bzuD00006800@hotmail.com> (raw)

Dear list

I am currently developing an application which is using DNAT and 
masquerading. First an incoming packet is DNAT'ed to have as specific dest. 
ip. The it is masquerading when it is leaving the decided interface.

This works fine, but when I use FTP, the following shows up in the kernel 
log:

<4>ip_conntrack_in: related packet for c3a22310
<4>nat_expected: We have a connection!
<4>nat_expected: PASV cmd. 192.168.1.254->192.168.4.1
<4>nat_expected: IP to 192.168.4.1
<4>Found best for tuple c3d69db8: 6 10.0.0.8:1026 -> 192.168.4.1:11697
<4>nat_expected: We have a connection!
<4>nat_expected: PASV cmd. 192.168.1.254->192.168.4.1
<4>nat_expected: IP to 192.168.1.254
<4>Found best for tuple c3d69cf0: 6 192.168.1.254:1026 -> 192.168.4.1:11697
<4>Altering reply tuple of c3a22310 to tuple c3d69cd0: 6 192.168.4.1:11697 
-> 192.168.1.254:1026
<4>Mangling c3ad4140: SRC to 192.168.1.254 1026
<4>Confirming conntrack c3a22310

My question is:
Why does: "We have a connection!" and the following lines show up two times? 
Is the connection data traversing the same chain twice?

Does anybody know where I can find more information on how the code in 
connection tracking and NAT works?

Thanks in advance.

/Hans

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail

next             reply	other threads:[~2002-12-13 14:16 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-12-13 14:16 Hans Jorgensen [this message]
  -- strict thread matches above, loose matches on Subject: below --
2002-12-17  8:09 FTP and connection tracking Haitao Yu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=F445ldfZWjSeKg1bzuD00006800@hotmail.com \
    --to=jorgensenhans@hotmail.com \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.