What is conntrack and what is it for?

Y

yeszhanov2017-03-29 21:37:32

linux

yeszhanov, 2017-03-29 21:37:32

Hello! task, install an ftp server and set up conntrack to run the ftp service. Installed vsftpd , everything works fine. But I still don't understand what conntrack is for. The value is written on the Internet, but I never got it. Can you please explain in plain language.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

A

Andrey Burov, 2017-03-29
@BuriK666

CONFIG_NF_CONNTRACK:

Connection tracking keeps a record of what packets have passed
through your machine, in order to figure out how they are related
into connections.

This is required to do Masquerading or other kinds of Network
Address Translation.  It can also be used to enhance packet
filtering (see `Connection state match support' below).

K

ky0, 2017-03-29
@ky0

Set up an FTP server behind NAT with only 21 ports forwarded - you will immediately understand what conntrack is :)

A

Alexey Timofeev, 2017-03-30
@alextimofeyev7

This is a connection tracking module. It is mainly used when tracking connections when forwarding from one network to another.

Z

zorruch, 2017-03-30
@zorruch

In short, this is a Firewall
More details - https://ru.wikipedia.org/wiki/Netfilter