iptables: difference btw. ESTABLISHED & RELATED

Post by Kristian » Thu, 16 Aug 2001 19:14:58



Hello.

A very silly question: What's the exact difference between ESTABLISHED and
RELATED tcp or udp connections ?

Thank you for your answer !

Kristian

 
 
 

iptables: difference btw. ESTABLISHED & RELATED

Post by Dean Thompson » Thu, 16 Aug 2001 19:32:26


Hi!,

> A very silly question: What's the exact difference between ESTABLISHED and
> RELATED tcp or udp connections ?

Okay, well try this as a definition:

 * Keyword: ESTABLISHED refers to a connection which is returning from a
             connection which has been established.  For example if I telnet
             out to a server, the ESTABLISHED flag allows the return telnet
             connection to come back through the firewall.

 * Keyword: RELATED refers to a connection which is returning from a
             connection which is related.  Basically, this allows the
             FTP-DATA connection to come back in when an FTP connection was
             initiated.

They are normally used together in most firewall scripts.

You might like to take a look at the following URLs:

http://www.boingworld.com/workshops/linux/iptables-tutorial/
http://netfilter.samba.org/netfilter-faq.html
http://netfilter.samba.org/unreliable-guides/
http://my.netfilter.se/
http://www.cs.princeton.edu/~jns/security/iptables/

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+
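As an added example (not from Dean's post and not a netfilter project script): a dry-run script that emits the INPUT rules for a host making outbound telnet/ssh and FTP connections, with a comment at each rule saying which keyword earns its keep there. It uses the conntrack match (--ctstate), of which the thread's "-m state --state" is the older spelling; the interface name eth0, the ssh exception and the use of the ftp helper are assumptions. The raw-table CT rule is needed on kernels from 4.7 onward, where conntrack helpers are no longer attached to connections automatically.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal stateful INPUT policy for a
# client host that makes outbound telnet/ssh and FTP connections.
# Dry-run by default (the commands are printed); set IPT=iptables and
# MODPROBE=modprobe to apply them for real (needs root).
# WAN=eth0 and the ssh exception are assumptions.
IPT="${IPT:-echo iptables}"
MODPROBE="${MODPROBE:-echo modprobe}"
WAN="${WAN:-eth0}"

stateful_input_rules() {
    # Default deny: every inbound packet must be claimed by a rule below.
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT

    # RELATED only works for protocols with a helper that reads the control
    # channel and registers the data channel it announces. Since Linux 4.7
    # helpers are not attached automatically, so outgoing FTP control
    # connections are tagged in the raw table.
    $MODPROBE nf_conntrack_ftp
    $IPT -t raw -A OUTPUT -o "$WAN" -p tcp --dport 21 -j CT --helper ftp

    # Packets conntrack cannot fit to any flow (out-of-window sequence
    # numbers, impossible flag combinations) are INVALID, not ESTABLISHED.
    # Drop them first so they never reach the catch-all accept below.
    $IPT -A INPUT -i "$WAN" -m conntrack --ctstate INVALID -j DROP

    # ESTABLISHED: a packet of a flow that has seen traffic in both
    # directions (the first reply itself counts), e.g. the server side of a
    # telnet session this host opened.
    # RELATED: the first packet of a *new* flow that conntrack tied to an
    # existing one, e.g. the server's port-20 connect for active-mode
    # ftp-data, or an ICMP error quoting one of our own packets.
    $IPT -A INPUT -i "$WAN" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # Any NEW inbound connection must be listed explicitly; this host offers
    # ssh only. Everything else is logged and falls through to the DROP policy.
    $IPT -A INPUT -i "$WAN" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -i "$WAN" -m conntrack --ctstate NEW -j LOG --log-prefix "unsolicited: "
}

# Sanity check on the generated order: the INVALID drop must come before
# the RELATED,ESTABLISHED accept. Returns 0 when the order is right.
rule_order_ok() {
    stateful_input_rules | awk '
        /--ctstate INVALID -j DROP/              { inv = NR }
        /--ctstate RELATED,ESTABLISHED -j ACCEPT/ { acc = NR }
        END { exit !(inv && acc && inv < acc) }'
}

stateful_input_rules
rule_order_ok && echo "rule order ok"
```

In passive-mode FTP the client opens the data connection itself, so its packets are NEW on OUTPUT and the replies are plain ESTABLISHED; the helper and RELATED matter for active mode, where the server connects back.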

 
 
 

iptables: difference btw. ESTABLISHED & RELATED

Post by Kristian » Fri, 17 Aug 2001 00:20:05


Many thanks for the links !

> http://www.boingworld.com/workshops/linux/iptables-tutorial/
> http://netfilter.samba.org/netfilter-faq.html
> http://netfilter.samba.org/unreliable-guides/
> http://my.netfilter.se/
> http://www.cs.princeton.edu/~jns/security/iptables/

 
 
 

iptables: difference btw. ESTABLISHED & RELATED

Post by John Haddoc » Fri, 17 Aug 2001 03:29:59


Dean,

I don't seem to be able to reach www.boingworld.com - is this a dead link or
do I have DNS server problems?
regards
John

> Hi!,
>
> > A very silly question: What's the exact difference between ESTABLISHED and
> > RELATED tcp or udp connections ?
>
> Okay, well try this as a definition:
>
>  * Keyword: ESTABLISHED refers to a connection which is returning from a
>              connection which has been established.  For example if I telnet
>              out to a server, the ESTABLISHED flag allows the return telnet
>              connection to come back through the firewall.
>
>  * Keyword: RELATED refers to a connection which is returning from a
>              connection which is related.  Basically, this allows the
>              FTP-DATA connection to come back in when an FTP connection was
>              initiated.
>
> They are normally used together in most firewall scripts.
>
> You might like to take a look at the following URLs:
>
> http://www.boingworld.com/workshops/linux/iptables-tutorial/
> http://netfilter.samba.org/netfilter-faq.html
> http://netfilter.samba.org/unreliable-guides/
> http://my.netfilter.se/
> http://www.cs.princeton.edu/~jns/security/iptables/
>
> See ya
>
> Dean Thompson

 
 
 

iptables: difference btw. ESTABLISHED & RELATED

Post by Kristian » Fri, 17 Aug 2001 03:55:38



> Dean,

> I don't seem to be able to reach www.boingworld.com - is this a dead link or
> do I have DNS server problems?
> regards
> John

me too, my squid says it's DNS related. I thought my provider was responsible
for that...
 
 
 

iptables: difference btw. ESTABLISHED & RELATED

Post by Dean Thompson » Fri, 17 Aug 2001 21:54:06


Hi!,

> I don't seem to be able to reach www.boingworld.com - is this a dead link
> or do I have DNS server problems?

It looks like the link is down at the moment.  I can't seem to reach it at the
moment either.  The nameserver doesn't seem to resolve the address and it
seems that their DNS server is offline at the moment.  It should come good
however.

See ya

Dean Thompson


 
 
 

iptables: difference btw. ESTABLISHED & RELATED

Post by Dean Thompson » Fri, 17 Aug 2001 21:55:05


Hi!,

> > I don't seem to be able to reach www.boingworld.com - is this a dead link
> > or do I have DNS server problems?
>
> me too, my squid says it's DNS related. I thought my provider was
> responsible for that...

Yep, it looks like the DNS servers which provide the zone information for
boingworld are offline at the moment.  Fingers crossed that it will come back
online.

See ya

Dean Thompson


 
 
 

1. Iptables and connection related established

I'm running iptables 1.2.2 on Redhat 7.1.  I have a default rule of DROP
for incoming packets and then allow what I want through.  For anything that
I initiate from my end that sends a return packet, I need to make sure
that I specifically allow those packets through in my rules, like
connecting to an FTP site.

My question is, is it safe to set up a default rule to allow any
incoming packet that is related to what I'm sending out?  I just want to
make sure that iptables is secure in that sense so it wouldn't allow
anything in that wasn't related to what I was sending out.

A rule something like this:

   iptables -A INPUT -i $EXTERNAL_INTERFACE -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
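The blanket accept in the question above is only as safe as the rules around it: the INPUT policy must actually be DROP, packets conntrack cannot attribute to any flow (INVALID) must be dropped before the accept rather than left to fall through, every other ACCEPT on INPUT should be a deliberate stateful NEW exception, and RELATED admits exactly what the loaded helpers expect, so the set of helpers should be known and small. The script below is an added example (not the poster's, not an iptables project tool) that audits an iptables-save dump for those properties. Both dumps are constructed samples; eth0 and the ftp helper are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: audit an iptables-save dump for the
# properties that make a catch-all RELATED,ESTABLISHED accept safe.
# audit_ruleset FILE prints FAIL/WARN/INFO lines and returns 0 only when
# no FAIL was found. The two sample dumps below are constructed.

audit_ruleset() {
    f="$1"; rc=0
    # 1. Default deny: whatever the state rules do not claim must be dropped.
    grep -q '^:INPUT DROP' "$f" || { echo "FAIL: INPUT policy is not DROP"; rc=1; }
    # 2. The stateful accept itself, in either match syntax (-m state / -m conntrack).
    acc=$(grep -n -E '^-A INPUT .*(--ctstate|--state) RELATED,ESTABLISHED -j ACCEPT' "$f" \
          | head -n 1 | cut -d: -f1)
    [ -n "$acc" ] || { echo "FAIL: no RELATED,ESTABLISHED accept on INPUT"; rc=1; }
    # 3. INVALID must be dropped *before* the accept: conntrack marks packets it
    #    cannot fit to a flow as INVALID, but only a rule stops them going on.
    inv=$(grep -n -E '^-A INPUT .*(--ctstate|--state) INVALID -j DROP' "$f" \
          | head -n 1 | cut -d: -f1)
    if [ -z "$inv" ]; then
        echo "FAIL: INVALID packets are never dropped on INPUT"; rc=1
    elif [ -n "$acc" ] && [ "$inv" -gt "$acc" ]; then
        echo "FAIL: INVALID drop comes after the stateful accept"; rc=1
    fi
    # 4. Every other INPUT accept should be a deliberate NEW exception with a
    #    state match; loopback is the one stateless accept that is fine.
    grep -E '^-A INPUT .*-j ACCEPT' "$f" \
        | grep -v -E -- '(--ctstate|--state) |-i lo ' \
        | while IFS= read -r line; do echo "WARN: stateless accept on INPUT: $line"; done
    # 5. RELATED is exactly as wide as the helpers you enable: list them.
    grep -E -o -- '--helper [a-z0-9_-]+' "$f" | sort -u \
        | sed 's/^--helper /INFO: helper enabled: /'
    return $rc
}

GOOD=$(mktemp); BAD=$(mktemp)
trap 'rm -f "$GOOD" "$BAD"' EXIT

# Constructed sample: the shape the question's rule should take.
cat >"$GOOD" <<'EOF'
# constructed iptables-save dump (good)
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o eth0 -p tcp -m tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate INVALID -j DROP
-A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF

# Constructed sample: the same idea done carelessly (ACCEPT policy, INVALID
# drop placed after the accept, a stateless hole for port 80).
cat >"$BAD" <<'EOF'
# constructed iptables-save dump (bad)
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state INVALID -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF

echo "== good =="; audit_ruleset "$GOOD" && echo "PASS"
echo "== bad ==";  audit_ruleset "$BAD"  || echo "REJECTED"
```

On a live host, feed it the output of iptables-save; the checks are the same whether the rules were written with -m state or -m conntrack.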
