On Sat, 2010-01-09 at 22:12 +0100, Nemeth Denes wrote:
> Hello,
>
> Could someone help me to explain what does the conntrack module do
> in TCP connection negotiation in the following three cases: (host N is
> behind the NAT and host P is on the other side of the NAT)
>
> A:
> P sends a SYN to H and H replies with a SYN-ACK with an invalid
> sequence number (If this passes normally through is it possible to
> filter it out?)
>
> B:
> P sends a SYN to H and H replies with non SYN-ACK (3-way-handshake)
> or SYN (TCP simultaneous open) package
>
> C: If the "--random" option is given to the postrouting chain, what happens
> if the clients use up all the ports?
>
> Many thanks,
> Denes Nemeth
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

Dear Denes,

Do you mean host N where host H is mentioned?

Thanks