Iptables connection tracking
- One Comment
- Dec, 18, 2010
- Angelo Schalley
- FTP, Linux, Networking, security
Connection tracking is an essential security feature of iptables. But what is connection tracking?
It is the ability to maintain connection information in memory. This is a new feature added in the 2.4.xx Linux kernel. Earlier, only commercial firewalls had this feature, but now it is part of Linux. It can remember connection states such as established and new connections, along with protocol types and source and destination IP addresses. You can allow or deny access based upon state. The states are as follows:
Read more on Iptables connection tracking…
Configure iptables ftp port 21 and 22 including passive ports
- No Comments
- Dec, 18, 2010
- Angelo Schalley
- FTP, Linux, Networking, security
How do I open port 21 using Linux iptables firewall?
Use the iptables administration tool for IPv4 packet filtering and NAT under Linux to open TCP port 21 (FTP). The following rule set assumes that your eth0 network interface is directly connected to the Internet and has a public IP (202.54.1.20). FTP uses both port 21 and port 20 (port 21 for the command port and port 20 for the data). So the following iptables rules take care of both ports (add the rules to your iptables-based shell script):
Read more on Configure iptables ftp port 21 and 22 including passive ports…
Postfix masquerading or changing outgoing SMTP email or mail address
- No Comments
- Dec, 16, 2010
- Angelo Schalley
- Linux, Postfix
Address rewriting allows changing the outgoing email ID or the domain name itself. This is good for hiding internal user names. For example:
SMTP user: angelo-01
EMAIL ID: angelo@domain.com
Server name: server01.hosting.com
However, when angelo-01 sends an email from the shell prompt or using PHP, it looks like it was sent from angelo-01@server01.hosting.com
Read more on Postfix masquerading or changing outgoing SMTP email or mail address…