jdong (Eat A Beaver, Save A Tree.)
Re: D-Link 524 Router: Letting a few packets throu
Ok, let me clarify:
I establish an outgoing connection to a bittorrent peer. All incoming BT data from that peer is NAT'ted to me.
However, when I close the connection, I always get 5 or so unsolicited packets being NAT'ted in. Even though I closed the connection, NAT is still routing that source to me!
TheWiseGuy (Dog And Butterfly), MVM
East Stroudsburg, PA
NAT is not stateful. But technically, even in a stateful firewall, if you close a connection, some packets should be allowed inbound from the other user. You would need to run a packet sniffer to see if the router is allowing packets it shouldn't, or if IPTables was denying those it should have allowed, though both could be allowing/denying packets correctly.
see figure 6
Part of whether the firewall allows the packets would depend on how the connection is closed and whether a RST or FIN is sent.
said by Iptables Tutorial 1.1.19:
If the connection is reset by a RST packet, the state is changed to CLOSE. This means that the connection per default has 10 seconds before the whole connection is definitely closed down. RST packets are not acknowledged in any sense, and will break the connection directly.

Also timing is important and not absolute.

said by Iptables Tutorial 1.1.19:
Here is the complete list of possible states that a TCP stream may take, and their timeout values.

Table 4-2. Internal states

State        Timeout value
NONE         30 minutes
ESTABLISHED  5 days
SYN_SENT     2 minutes
SYN_RECV     60 seconds
FIN_WAIT     2 minutes
TIME_WAIT    2 minutes
CLOSE        10 seconds
CLOSE_WAIT   12 hours
LAST_ACK     30 seconds
LISTEN       2 minutes

These values are most definitely not absolute. They may change with kernel revisions, and they may also be changed via the proc file-system in the /proc/sys/net/ipv4/netfilter/ip_ct_tcp_* variables. The default values should, however, be fairly well established in practice.

These values are set in jiffies (or 1/100th parts of seconds), so 3000 means 30 seconds.

So while both may be stateful, they may have different timeout values for the states.
Dog and Butterfly
said by jdong:
However, when I close the connection, I always get 5 or so unsolicited packets being NAT'ted in. Even though I closed the connection, NAT is still routing that source to me!

Just a thought, but those routers do buffer some packets - perhaps when you clicked "stop" in the software on the host system, those packets were already en route somewhere, possibly already sitting in buffers on the router. Another might be (if they are UDP), that since UDP isn't connection-oriented, NAT devices have to fake the statefulness, and they do that via a timeout mechanism, which I would assume would probably leave a window on the order of 30s or so for packets to continue to find their way in.
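The two mechanisms raised in this thread, the per-state TCP timeouts quoted from Table 4-2 and the timer-based pseudo-statefulness for UDP, as an added example that is not code from the thread, the D-Link firmware or the Iptables Tutorial. It is a toy Python model of a connection-tracking table: outbound packets create or refresh a mapping, inbound packets pass only while a mapping still exists, and each TCP state inherits the timeout from the table. The state transitions are a simplified sketch of conntrack rather than a copy of it, the 30 s UDP timeout is the third post's guess rather than a table value, and the addresses and ports are constructed sample values.

```python
"""Toy connection-tracking table replaying the Table 4-2 timeouts.
Added example, not code from the thread, the D-Link firmware or the Iptables
Tutorial; TCP transitions are a simplified sketch of conntrack and the 30 s
UDP timeout is the third post's guess, not a value from the table.
"""
from dataclasses import dataclass

# Timeouts quoted from Table 4-2 (Iptables Tutorial 1.1.19), in seconds.
TCP_TIMEOUTS = {
    "SYN_SENT": 2 * 60, "SYN_RECV": 60, "ESTABLISHED": 5 * 24 * 3600,
    "FIN_WAIT": 2 * 60, "CLOSE_WAIT": 12 * 3600, "LAST_ACK": 30,
    "TIME_WAIT": 2 * 60, "CLOSE": 10,
}
UDP_TIMEOUT = 30  # assumption taken from the thread, not from the table

# (current state, direction, flag) -> next state. "out" is LAN host -> peer,
# "in" is peer -> LAN host. Anything not listed keeps the current state.
TCP_TRANSITIONS = {
    (None, "out", "SYN"): "SYN_SENT",
    ("SYN_SENT", "in", "SYN/ACK"): "SYN_RECV",
    ("SYN_RECV", "out", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "out", "FIN"): "FIN_WAIT",   # LAN host closes first
    ("ESTABLISHED", "in", "FIN"): "CLOSE_WAIT",  # peer closes first
    ("FIN_WAIT", "in", "FIN"): "LAST_ACK",
    ("CLOSE_WAIT", "out", "FIN"): "LAST_ACK",
    ("LAST_ACK", "out", "ACK"): "TIME_WAIT",
    ("LAST_ACK", "in", "ACK"): "TIME_WAIT",
}

@dataclass
class Entry:
    state: str
    expires: float  # absolute time after which the mapping is forgotten

class Conntrack:
    def __init__(self):
        self.table = {}  # (proto, lan_endpoint, peer_endpoint) -> Entry

    def _expire(self, now):
        for key in [k for k, e in self.table.items() if e.expires <= now]:
            del self.table[key]

    def state_of(self, key):
        entry = self.table.get(key)
        return entry.state if entry else None

    def packet(self, key, direction, now, flag="DATA"):
        """Process one packet; return True if the NAT lets it through.
        Outbound packets always pass and create or refresh the mapping;
        inbound ones pass only while an unexpired mapping exists, and that
        lingering mapping is the window the thread is asking about."""
        self._expire(now)
        entry = self.table.get(key)
        if direction == "in" and entry is None:
            return False  # unsolicited: no mapping, dropped at the NAT
        if key[0] == "udp":
            # No handshake to track: every packet simply re-arms one timer.
            self.table[key] = Entry("UDP", now + UDP_TIMEOUT)
            return True
        state = entry.state if entry else None
        if flag == "RST":
            new_state = "CLOSE"  # RST is never acknowledged; tear down now
        else:
            new_state = TCP_TRANSITIONS.get((state, direction, flag), state)
        if new_state is None:
            return True  # stray outbound non-SYN: forwarded, nothing tracked
        self.table[key] = Entry(new_state, now + TCP_TIMEOUTS[new_state])
        return True

def open_tcp(ct, key, t0):
    """Three-way handshake initiated by the LAN host at time t0."""
    ct.packet(key, "out", t0, "SYN")
    ct.packet(key, "in", t0 + 0.1, "SYN/ACK")
    ct.packet(key, "out", t0 + 0.2, "ACK")

# Endpoints in the scenarios below are constructed sample values.
def rst_close_window(delay):
    """RST from the LAN host at t=100; is peer data `delay` s later let in?"""
    key, ct = ("tcp", "192.168.0.10:51000", "203.0.113.7:6881"), Conntrack()
    open_tcp(ct, key, 0)
    ct.packet(key, "out", 100, "RST")         # -> CLOSE, 10 s timer
    return ct.packet(key, "in", 100 + delay)

def fin_close_window(delay):
    """Orderly FIN/FIN/ACK close finishing at t=100; same question."""
    key, ct = ("tcp", "192.168.0.10:51001", "203.0.113.7:6881"), Conntrack()
    open_tcp(ct, key, 0)
    ct.packet(key, "out", 99.0, "FIN")        # -> FIN_WAIT
    ct.packet(key, "in", 99.5, "FIN")         # -> LAST_ACK
    ct.packet(key, "out", 100, "ACK")         # -> TIME_WAIT, 2 min timer
    return ct.packet(key, "in", 100 + delay)

def udp_window(delay):
    """One outbound datagram at t=0; is a reply `delay` s later let in?"""
    key, ct = ("udp", "192.168.0.10:6881", "203.0.113.7:6881"), Conntrack()
    ct.packet(key, "out", 0)
    return ct.packet(key, "in", delay)
```

With the table's defaults, `rst_close_window(5)` passes the late packet and `rst_close_window(15)` drops it, because a RST moves the mapping to CLOSE with a 10 second timer; an orderly FIN close leaves the mapping in TIME_WAIT for two minutes, so `fin_close_window(60)` still passes while `fin_close_window(130)` drops; and the UDP mapping lives only until 30 seconds after the last packet in either direction. A handful of peer packets arriving inside these windows is therefore the expected behaviour of a stateful NAT rather than a leak, and a capture on the LAN side can be checked against the windows directly. On a Linux box the windows are the ip_ct_tcp_* values the tutorial mentions; a consumer router's firmware will have its own, undocumented equivalents.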