Re: Iptables Forwarded traffic

From: Pascal Hambourg <boite-a-spam@xxxxxxxxxxxxxxx>
Date: Thu, 18 Oct 2007 10:19:23 +0200

fr@xxxxx a écrit :

- is this possible the new port open by the ftp connection would receive any
ftp order or command, even it is not the order sollicited by the local
computer ?

FTP related connections are data connections which do not transport commands but only data such as directory listings and files. Only the initial control connection on a fixed port (usually 21) transports commands. Basically such commands may say to the other side : "please connect to my port xxx in order to send|receive the data". If loaded, the FTP connection tracking helper module reads the control connection and will consider RELATED only a connection from the remote FTP agent to the port that was specified in the above command. Connections from the same host to other ports will be considered NEW, not RELATED.

- in the case of RTSP protocol which use arbirtrary related port to answer
(like freebox tv), what will happen ?

The behaviour is the same as FTP. The RTSP connection uses a well known fixed port (usually 554) and transport requests from the client to the server saying "please send the UDP data stream to port xxx". If loaded, the RTSP connection tracking helper module reads the RTSP connection and will consider RELATED only UDP packets from the server to the client port that was specified in the request. Note that the RTSP conntrack and NAT helper module is not yet included in the mainline Linux kernel.
.

Follow-Ups:
- Re: Iptables Forwarded traffic
  - From: fr

References:
- Iptables Forwarded traffic
  - From: test
- Re: Iptables Forwarded traffic
  - From: Pascal Hambourg
- Re: Iptables Forwarded traffic
  - From: fr
- Re: Iptables Forwarded traffic
  - From: Pascal Hambourg
- Re: Iptables Forwarded traffic
  - From: fr

Prev by Date: Is a HTTP header a clear text?
Next by Date: Re: IP routing with remote DNS, but server & client on same subnet - how?
Previous by thread: Re: Iptables Forwarded traffic
Next by thread: Re: Iptables Forwarded traffic
Index(es):
- Date
- Thread

Relevant Pages

RE: Telnet/ftp problems SBS2000
... Please make sure your client computers are configured as both Firewall ... will find two options "Enable folder view for FTP sites" and "Use Passive ... that the control connection has been successfully established, ... (other than port 21) ...
(microsoft.public.windows.server.sbs)
Re: IPSwitch, Inc. WS_FTP Server
... > bounce attack as well as PASV connection hijacking. ... > The FTP bounce vulnerability allows a remote attacker to cause the ... > anonymously along with any internal addresses that the FTP server has ... That means it's got to handle a PORT ...
(Bugtraq)
RE: FTP Window of opportunity?
... target on the line when in reality it was just a firewall lying to them. ... The connection connects and then immediately ... Subject: FTP Window of opportunity? ... the FTP port shows up. ...
(Pen-Test)
Re: Iptables FTP question
... think all other related would be from specific modules,the FTP and IRC ... Keep in mind that connection ... source port of 20 if it is for port mode data connections(for a standard ... I would also break down your rules into chains instead of appending such ...
(comp.security.firewalls)
Re: Passive means what during FTP?
... :227 Entering Passive Mode ... :ftp: connect: No route to host ... The FTP data transfer uses a connection that is separate from the ... address and port number to connect to for the data transfer. ...
(comp.os.linux.setup)