Hello
I'm trying to understand RELATED state in iptables.
This is the definition:
Quote:
RELATED connections are also validated by another rule and they apply for a few protocols. The RELATED state signifies a packet that is generated in relation to some other existing communication. This may make it possible to connect on a different port; that port should only be part of a related process, like an FTP data connection. Which ports are allowed is controlled by the protocol-specific conntrack kernel module.
This is my understanding:
In iptables, when you allow port 21 (ftp), then its related port 20 (data) will automatically be considered RELATED (to port 21) and hence allowed to pass through.
Am I right?
If wrong, please correct me.
If right, how do I know what the related ports of an FTP connection are,
specified in its conntrack module? I know its specific conntrack kernel module is
nf_conntrack_ftp.
From the /etc/services file, I assume these are all FTP-related ports:
Code:
ftp-data 20/tcp
ftp-data 20/udp
ftp 21/tcp
ftp 21/udp fsp fspd
ftp-data 20/sctp # FTP
ftp 21/sctp # FTP
ftp-agent 574/tcp # FTP Software Agent System
ftp-agent 574/udp # FTP Software Agent System
But I want verification from the conntrack module. How do I find those related ports?
Also, while I'm here, will someone tell me the regex for finding 'ftp' followed by zero or one hyphen?
This is what shows in my terminal:
Code:
# egrep ^ftp-? /etc/services
ftp-data 20/tcp
ftp-data 20/udp
ftp 21/tcp
ftp 21/udp fsp fspd
ftp-data 20/sctp # FTP
ftp 21/sctp # FTP
ftp-agent 574/tcp # FTP Software Agent System
ftp-agent 574/udp # FTP Software Agent System
ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
ftps-data 989/udp # ftp protocol, data, over TLS/SSL
ftps 990/tcp # ftp protocol, control, over TLS/SSL
ftps 990/udp # ftp protocol, control, over TLS/SSL
I don't want the italicised lines to show up.
Thanks
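An added worked example (editor's code, not part of the post above) covering the two questions: how the nf_conntrack_ftp helper decides what becomes RELATED, and a regex that matches "ftp" and "ftp-..." but not "ftps". The helper never reads /etc/services; it inspects the FTP control connection (port 21 by default, or whatever the module's `ports` parameter lists) for PORT/PASV/EPRT/EPSV commands and registers a conntrack expectation for the negotiated data connection, which is port 20 only in active mode and an arbitrary port in passive mode. The sample services lines are a constructed excerpt embedded so the script runs offline; the iptables rules are printed rather than applied, and the sysfs path is only read when the module is actually loaded.

```shell
#!/bin/sh
# Added example: FTP conntrack helper, RELATED, and the /etc/services regex.
set -eu

# Constructed excerpt of /etc/services (assumption: typical Linux contents),
# embedded so the script runs without the real file.
SERVICES_SAMPLE='ftp-data 20/tcp
ftp-data 20/udp
ftp 21/tcp
ftp 21/udp fsp fspd
ftp-agent 574/tcp # FTP Software Agent System
ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
ftps 990/tcp # ftp protocol, control, over TLS/SSL
tftp 69/udp'

# "ftp" followed by either a hyphen or whitespace. ^ftp-? alone also matches
# ftps/ftps-data because "-?" is allowed to match nothing.
ftp_service_lines() {
    printf '%s\n' "$1" | grep -E '^ftp(-|[[:space:]])'
}

# Number of matching lines, returned on stdout for checking.
ftp_service_count() {
    ftp_service_lines "$1" | wc -l | tr -d ' '
}

# The only port list the helper owns is the set of CONTROL ports it inspects,
# exposed as the module parameter "ports" (set with
# "modprobe nf_conntrack_ftp ports=21,2121"). Data ports are learned from the
# control stream at run time, so they are not listed anywhere in advance.
conntrack_ftp_ports() {
    p=/sys/module/nf_conntrack_ftp/parameters/ports
    if [ -r "$p" ]; then
        cat "$p"
    else
        echo "21"   # module not loaded on this host; 21 is the built-in default
    fi
}

# Server-side rules: accept NEW control connections on 21, and let the helper's
# expectation admit the data connection as RELATED. Since kernel 4.7 helpers are
# not auto-assigned (net.netfilter.nf_conntrack_helper defaults to 0), so the
# raw-table CT rule binding the helper to port 21 is required. Rules are echoed;
# drop the "echo" to apply them.
ftp_server_rules() {
    for rule in \
      "-t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp" \
      "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
      "-A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT"
    do
        echo "iptables $rule"
    done
}

# Once a transfer is in flight, the data connection shows up in the conntrack
# table tagged with the helper that created it:
#   conntrack -L -o extended | grep 'helper=ftp'
```

Running `ftp_service_lines "$SERVICES_SAMPLE"` prints the five ftp/ftp-data/ftp-agent lines and none of the ftps ones; against the real file use `grep -E '^ftp(-|[[:space:]])' /etc/services`. For verification from the module itself, `conntrack_ftp_ports` answers the "which ports" question the only way the kernel can: it lists control ports, and the `conntrack -L` check shows the data connection being accepted as RELATED with `helper=ftp` rather than because of any fixed port number.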