Hi
Sorry it was a typo it should be the following:
(host H is behind the NAT ....)
Thanks
vishesh wrote:
On Sat, 2010-01-09 at 22:12 +0100, Nemeth Denes wrote:
Hello,
Could someone help me to explain what does the conntack module do
in TCP connection negotiation in the following three cases: (host N is
behind the NAT and host P is on the other side of the NAT)
A:
P sends a SYN to H and H replies with an SYN-ACK with an invalid
sequence number (If this passes normally through is it possible to
filter it out?)
B:
P sends a SYN to H and H replies with non SYN-ACK (3-way-handshake)
or SYN (TCP simultaneous open) package
C: If the "--random" option is given to the postrouting chain, what happens
if the clients use up all the ports?
Many thanks,
Denes Nemeth
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Dear denes
Do you mean N host where host H is mentioned ?
thnks
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
