On Fri, 2003-03-28 at 18:43, Cedric Blancher wrote:
> On Fri 28/03/2003 at 11:19, Vincent Lim wrote:
> > RELATED is for the ftp-data connection that is established after initial
> > connection attempt.
>
> To be precise, RELATED is only for the packet that initiates ftp-data
> connection. Following ones will be ESTABLISHED.
>
> A RELATED packet is similar to a NEW one, except that conntrack was
> waiting for it.

The below excerpt is taken from this URL:
http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/iptables-tutorial.html#STATEMACHINE

RELATED
<snipped beginning>
...that it is RELATED. Some good examples of connections that can be
considered as RELATED are the FTP-data connections that are considered
RELATED to the FTP control port, and the DCC connections issued through
IRC. This could be used to allow ICMP replies, FTP transfers and DCC's to
work properly through the firewall. Do note that most TCP protocols and
some UDP protocols that rely on this mechanism are quite complex and send
connection information within the payload of the TCP or UDP data
segments, and hence require special helper modules to be correctly
understood.

So, initially, the replying packets need to match ESTABLISHED? (I'm asking
this because Budai's initial rules only had RELATED and his ftp wasn't
working.) Then after establishing the RELATED ftp-data, subsequent packets
match ESTABLISHED again?

--
Vincent Lim <vincent.lim@xxxxxxxxxx>
NESTAC Solution Sdn Bhd
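The state sequence discussed in this thread, worked through as an added example that is not part of the original message or of the iptables tutorial it quotes. The script is a pure-Python toy model of netfilter's connection tracking plus the FTP helper (the real kernel module is ip_conntrack_ftp, which must be loaded for any of this to happen on a real box): it labels each packet of a constructed active-mode FTP session NEW, ESTABLISHED or RELATED, then runs the packets through a stateful filter in front of the client once with an inbound rule that accepts only RELATED (the rule set described as not working in the thread) and once with ESTABLISHED,RELATED. Addresses, port numbers, the PORT command and the rule sets are all constructed sample data.

```python
"""Toy model of netfilter connection tracking around an active-mode FTP
transfer.  Added example (not code from the mailing-list thread); it mimics
ip_conntrack plus the ip_conntrack_ftp helper in pure Python.  Addresses,
ports and rule sets are constructed sample data."""
import re
from dataclasses import dataclass

CLIENT, SERVER = "192.168.1.10", "10.0.0.5"   # constructed addresses


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""      # TCP payload; only the FTP helper looks at it


FTP_ADDR = re.compile(rb"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


class Conntrack:
    """Labels packets NEW / ESTABLISHED / RELATED and runs the FTP helper."""

    def __init__(self, ftp_control_port=21):
        self.ftp_control_port = ftp_control_port
        self.flows = {}            # original-direction 4-tuple -> helper name or None
        self.expectations = set()  # (initiator_ip, dst_ip, dst_port) of expected flows

    def classify(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows or reply in self.flows:
            # any packet of a tracked flow, in either direction, is ESTABLISHED
            state, orig = "ESTABLISHED", (key if key in self.flows else reply)
        else:
            if (pkt.src, pkt.dst, pkt.dport) in self.expectations:
                # only the packet that opens an expected connection is RELATED;
                # the expectation is consumed, so its successors are ESTABLISHED
                self.expectations.discard((pkt.src, pkt.dst, pkt.dport))
                state = "RELATED"
            else:
                state = "NEW"
            orig = key
            self.flows[key] = "ftp" if pkt.dport == self.ftp_control_port else None
        if self.flows[orig] == "ftp" and pkt.payload:
            self._ftp_helper(pkt)
        return state

    def _ftp_helper(self, pkt):
        """PORT (client->server) or 227 (server->client) carries the address of
        the coming data connection; the receiver of that message initiates it,
        so the expectation is registered in that direction."""
        if not (pkt.payload.upper().startswith(b"PORT") or pkt.payload.startswith(b"227")):
            return
        m = FTP_ADDR.search(pkt.payload)
        if not m:
            return
        h = [int(x) for x in m.groups()]
        self.expectations.add((pkt.dst, ".".join(map(str, h[:4])), h[4] * 256 + h[5]))


def ftp_session(data_port=1026):
    """Constructed active-mode exchange: control connection, PORT, data connection."""
    port_cmd = b"PORT %s,%d,%d\r\n" % (CLIENT.replace(".", ",").encode(),
                                       data_port // 256, data_port % 256)
    return [
        ("client SYN to port 21",       Packet(CLIENT, 1025, SERVER, 21)),
        ("server SYN/ACK from port 21", Packet(SERVER, 21, CLIENT, 1025)),
        ("client sends PORT",           Packet(CLIENT, 1025, SERVER, 21, port_cmd)),
        ("server SYN from port 20",     Packet(SERVER, 20, CLIENT, data_port)),
        ("client SYN/ACK to port 20",   Packet(CLIENT, data_port, SERVER, 20)),
        ("server sends file data",      Packet(SERVER, 20, CLIENT, data_port, b"data")),
    ]


def run(inbound_states, outbound_states=("NEW", "ESTABLISHED", "RELATED")):
    """Stateful filter in front of the client: packets towards CLIENT must match
    a state in inbound_states, packets from CLIENT one in outbound_states.
    Returns (label, state, verdict) per packet and stops at the first DROP,
    since nothing after a dropped handshake packet would be sent for real."""
    ct, trace = Conntrack(), []
    for label, pkt in ftp_session():
        state = ct.classify(pkt)
        allowed = inbound_states if pkt.dst == CLIENT else outbound_states
        verdict = "ACCEPT" if state in allowed else "DROP"
        trace.append((label, state, verdict))
        if verdict == "DROP":
            break
    return trace


if __name__ == "__main__":
    for rules in ({"RELATED"}, {"ESTABLISHED", "RELATED"}):
        print("inbound rule: -m state --state " + ",".join(sorted(rules)))
        for row in run(rules):
            print("  %-28s %-12s %s" % row)
```

With the RELATED-only inbound rule the trace stops at the server's SYN/ACK on the control connection: that reply is ESTABLISHED, not RELATED, so the control session never completes and no PORT command is ever seen by the helper. With ESTABLISHED,RELATED every packet passes, and exactly one packet in the whole session is RELATED: the server's SYN from port 20 that opens the expected data connection. The control handshake's reply and every later packet on either connection are ESTABLISHED.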