Hi to all,

I read in the IPTables tutorial by Oskar Andreasson that the connection tracking does not follow the flow of a TCP connection. If I go with this, it means that after the SYN/ACK packet passes through the stateful firewall, the connection is set to ESTABLISHED. But it also says that it's only after the ACK packet has passed through the stateful firewall that the connection is considered ESTABLISHED. When SYN/ACK is received the flag is changed to SYN_RECV and not ESTABLISHED. Which one is good?

Also, I wanted to know if connection tracking still works for a TCP connection where the SYN packet passes through stateful firewall FW1, the SYN/ACK packet passes through stateful firewall FW2, the ACK passes again through FW1 and the first data packet passes through FW2. Is the connection considered as ESTABLISHED at that point on both firewalls?

Any input will be very much appreciated.

Warm regards,
Visham