* what is conntrack & how ipchains works without it?!?
@ 2002-07-10 16:50 Christian Seberino
From: Christian Seberino @ 2002-07-10 16:50 UTC (permalink / raw)
To: netfilter
Is conntrack the "memory" of iptables that allows
it to make filtering decisions based on the history
of network traffic in and out of a PC???
Imagine a private LAN PC trying to do DNS through
an SSH-only DNAT/SNAT firewall... it is the conntrack
that allows ESTABLISHED/RELATED packets to bypass
the rules, allowing DNS to work, right?
How can *ipchains* do DNS through an SSH-only ipchains
firewall since it does *not* have conntrack!!!
It must have some other mechanism, right? What?
Chris
--
_______________________________________
Dr. Christian Seberino
SPAWAR Systems Center San Diego
Code 2363
53560 Hull Street
San Diego, CA 92152-5001
U.S.A.
Phone: (619) 553-7940
Fax: (619) 553-2836
Email: seberino@spawar.navy.mil
_______________________________________
* Re: what is conntrack & how ipchains works without it?!?
From: Ramin Alidousti @ 2002-07-10 17:10 UTC (permalink / raw)
To: Christian Seberino; +Cc: netfilter
On Wed, Jul 10, 2002 at 09:50:44AM -0700, Christian Seberino wrote:
> Is conntrack the "memory" of iptables that allows
> it to make filtering decisions based on the history
> of network traffic in and out of a PC???
>
> Imagine a private LAN PC trying to do DNS through
> an SSH-only DNAT/SNAT firewall... it is the conntrack
What is an SSH-only firewall?
> that allows ESTABLISHED/RELATED packets to bypass
> the rules, allowing DNS to work, right?
>
> How can *ipchains* do DNS through an SSH-only ipchains
> firewall since it does *not* have conntrack!!!
> It must have some other mechanism, right? What?
In the case of ipchains you have to open up the firewall manually for
the return traffic, which usually translates into a much larger hole
than needed.
Again, what is an SSH-only firewall?
Ramin
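Added example (not code from either poster) modelling the difference Ramin describes: a conntrack-style filter remembers the outbound DNS query and accepts only its reply, while an ipchains-style filter with no memory needs a static "UDP from source port 53 to any LAN high port" rule, which also lets unsolicited packets through. Addresses and ports are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

LAN = "192.168.1."   # constructed private LAN prefix

def is_outbound(pkt):
    return pkt.src.startswith(LAN) and not pkt.dst.startswith(LAN)

class StatefulFilter:
    """iptables-style: conntrack records outbound flows, so inbound
    packets are accepted only as ESTABLISHED replies to them."""
    def __init__(self):
        self.table = set()

    def accept(self, pkt):
        if is_outbound(pkt):
            # remember the flow so its reverse 5-tuple is recognised later
            self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.table          # reply to a known flow, else drop

class StatelessFilter:
    """ipchains-style: no memory, so return traffic needs a static rule
    (here: UDP from any source port 53 to any LAN port >= 1024)."""
    def accept(self, pkt):
        if is_outbound(pkt):
            return True
        return (pkt.proto == "udp" and pkt.sport == 53
                and pkt.dst.startswith(LAN) and pkt.dport >= 1024)

def run_scenario(flt):
    # constructed traffic: a LAN host's DNS query, its reply, and an
    # unsolicited packet from elsewhere that also uses source port 53
    query = Packet("udp", "192.168.1.10", 3456, "198.51.100.53", 53)
    reply = Packet("udp", "198.51.100.53", 53, "192.168.1.10", 3456)
    unsolicited = Packet("udp", "203.0.113.9", 53, "192.168.1.10", 4000)
    return {"query": flt.accept(query),
            "reply": flt.accept(reply),
            "unsolicited": flt.accept(unsolicited)}
```

The stateless filter returns True for the unsolicited packet; that extra acceptance is the "much larger hole than needed".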