OT: IPTABLES TCP/IP ip_conntrack Record

Leonard Isham leonard.isham at gmail.com
Tue Aug 30 12:24:19 UTC 2005


On 8/30/05, Mark Sargent <powderkeg at snow.email.ne.jp> wrote:
> Hi All,
> 
> I am studying IPTABLES and am curious about this section,
> 
> ****************************
> 
[snip]
> 
> tcp      6 117 SYN_SENT src=192.168.1.5 dst=192.168.1.35 sport=1031 \
>     dport=23 [UNREPLIED] src=192.168.1.35 dst=192.168.1.5 sport=23 \
>     dport=1031 use=1
> 
[snip]
> 
> tcp      6 57 SYN_RECV src=192.168.1.5 dst=192.168.1.35 sport=1031 \
>     dport=23 src=192.168.1.35 dst=192.168.1.5 sport=23 dport=1031 \
>     use=1
> 
[snip]
> 
> tcp      6 431999 ESTABLISHED src=192.168.1.5 dst=192.168.1.35 \
>     sport=1031 dport=23 src=192.168.1.35 dst=192.168.1.5 \
>     sport=23 dport=1031 [ASSURED] use=1
> 
> 
> *************************
> 
> In the 1st entry, the expected source ip and destination ip,
> 
> src=192.168.1.35 dst=192.168.1.5
> 
> 
> are still the expected src dest ip in the 2nd entry, syn/ack entry.
> Shouldn't they be the other way round? Perhaps I'm misunderstanding
> it? My understanding is that the syn_sent packet originates from
> 192.168.1.5 and the syn_recv packet originates from 192.168.1.35, no?

This is connection tracking.  Your perspective is packet level.

The TCP connection is initiated by one system, the source of the
connection.  The fact that the actual traffic is bi-directional, and
that the source and destination IP addresses, and their respective
ports, will change on a packet basis, is understood.


-- 
Leonard Isham, CISSP 
Ostendo non ostento.
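The point of the reply above, that each ip_conntrack record carries one tuple for the original direction and one for the reply direction and keeps them in that order regardless of which side sent the latest packet, can be checked mechanically. The following is an added example, not code from the thread or from the netfilter project: it parses records in the format shown in the question (the three sample lines are the ones quoted above, rejoined onto one line each as they appear in /proc/net/ip_conntrack) and verifies that the reply tuple is the exact inverse of the original tuple in every state. Handling of records with no state field (e.g. udp) is an assumption about the format that goes slightly beyond the page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the three records quoted in the question,
# each on a single line as the kernel prints them.
SAMPLE = """\
tcp      6 117 SYN_SENT src=192.168.1.5 dst=192.168.1.35 sport=1031 dport=23 [UNREPLIED] src=192.168.1.35 dst=192.168.1.5 sport=23 dport=1031 use=1
tcp      6 57 SYN_RECV src=192.168.1.5 dst=192.168.1.35 sport=1031 dport=23 src=192.168.1.35 dst=192.168.1.5 sport=23 dport=1031 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.5 dst=192.168.1.35 sport=1031 dport=23 src=192.168.1.35 dst=192.168.1.5 sport=23 dport=1031 [ASSURED] use=1
"""


@dataclass(frozen=True)
class Tuple4:
    """One direction of a connection: addresses and ports."""
    src: str
    dst: str
    sport: int
    dport: int

    def inverse(self) -> "Tuple4":
        # The reply direction swaps both the addresses and the ports.
        return Tuple4(self.dst, self.src, self.dport, self.sport)


@dataclass
class ConntrackEntry:
    proto: str            # "tcp", "udp", ...
    proto_num: int        # IP protocol number (6 for tcp)
    timeout: int          # seconds until the entry expires
    state: Optional[str]  # TCP state, or None for stateless protocols (assumed)
    original: Tuple4      # tuple as seen in the first packet of the flow
    reply: Tuple4         # tuple expected for packets coming back
    flags: Tuple[str, ...]  # e.g. ("UNREPLIED",) or ("ASSURED",)
    use: int


TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
FLAG_RE = re.compile(r"\[([A-Z_]+)\]")
USE_RE = re.compile(r"\buse=(\d+)")


def parse_entry(line: str) -> ConntrackEntry:
    """Parse one ip_conntrack record line into its components."""
    fields = line.split()
    proto, proto_num, timeout = fields[0], int(fields[1]), int(fields[2])
    # Assumption: a state field is present only when the 4th field is not
    # already the start of the original tuple (true for tcp, not for udp).
    state = None if fields[3].startswith("src=") else fields[3]
    tuples = [Tuple4(s, d, int(sp), int(dp)) for s, d, sp, dp in TUPLE_RE.findall(line)]
    if len(tuples) != 2:
        raise ValueError("expected an original and a reply tuple: %r" % line)
    use_m = USE_RE.search(line)
    use = int(use_m.group(1)) if use_m else 0
    return ConntrackEntry(proto, proto_num, timeout, state,
                          tuples[0], tuples[1], tuple(FLAG_RE.findall(line)), use)


def parse_table(text: str) -> List[ConntrackEntry]:
    """Parse a whole table (e.g. the contents of /proc/net/ip_conntrack)."""
    return [parse_entry(ln) for ln in text.splitlines() if ln.strip()]


def reply_is_inverse(entry: ConntrackEntry) -> bool:
    """True when the reply tuple is exactly the original tuple turned around."""
    return entry.reply == entry.original.inverse()


def connection_initiator(entry: ConntrackEntry) -> str:
    """The host that opened the connection, regardless of the current state."""
    return entry.original.src


if __name__ == "__main__":
    for e in parse_table(SAMPLE):
        print(e.state, "initiator=%s" % connection_initiator(e),
              "reply-is-inverse=%s" % reply_is_inverse(e), e.flags)
```

Running it over the three sample records shows that the original tuple (src=192.168.1.5) and the reply tuple (src=192.168.1.35) are identical in SYN_SENT, SYN_RECV and ESTABLISHED; only the state, timeout and the [UNREPLIED]/[ASSURED] flags change as packets in either direction are matched against the entry.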
