Re: OT: IPTABLES TCP/IP ip_conntrack Record

On 8/30/05, Mark Sargent <powderkeg@xxxxxxxxxxxxxxxx> wrote:
> Hi All,
> 
> am studying IPTABLES and am curious about this section,
> 
> ****************************
> 
[snip]
> 
> tcp      6 117 SYN_SENT src=192.168.1.5 dst=192.168.1.35 sport=1031 \
>     dport=23 [UNREPLIED] src=192.168.1.35 dst=192.168.1.5 sport=23 \
>     dport=1031 use=1
> 
[snip]
> 
> tcp      6 57 SYN_RECV src=192.168.1.5 dst=192.168.1.35 sport=1031 \
>     dport=23 src=192.168.1.35 dst=192.168.1.5 sport=23 dport=1031 \
>     use=1
> 
[snip]
> 
> tcp      6 431999 ESTABLISHED src=192.168.1.5 dst=192.168.1.35 \
>     sport=1031 dport=23 src=192.168.1.35 dst=192.168.1.5 \
>     sport=23 dport=1031 [ASSURED] use=1
> 
> 
> *************************
> 
> In the 1st entry, the expected source ip and destination ip,
> 
> src=192.168.1.35 dst=192.168.1.5
> 
> 
> are still the expected src dest ip in the 2nd entry, syn/ack entry.
> Shouldn't they be the other way round? Perhaps I'm misunderstanding
> it? My understanding is that the syn_sent packet originates from
> 192.168.1.5 and the syn_recv packet originates from 192.168.1.35, no?

This is connection tracking.  Your perspective is packet level.

The tcp connection is initiated by the one system, the source, of the
connection.  The fact that the actual traffic is bi-directional, and
the source and destination IP address, and respective ports, will
change on a packet basis is understood.


-- 
Leonard Isham, CISSP 
Ostendo non ostento.

