John,

#I guess that's my basic question: am I nuts, or is it correct behavior on
#the part of my firewall to change the source packets coming out?

The way my firewall works is that there is a connection established between
the external client and my firewall and another connection between my
firewall and the internal server.  The client source port becomes my
destination port because this is the port that the client has posted a
listen on for this traffic. There is a different source port used between
the firewall and my internal server because it is a different connection.
Your firewall cannot change the socket (source port/ip address and
destination port/ip address) for the external connection but your firewall
can create a new socket for the connection to the internal server.  So if
this other network establishes a connection to your network then your reply
packets will have a source port equal to his destination port, a
destination port equal to his source port, a source IP equal to his
destination ip, and a destination ip equal to his source ip.

example:

16:10:17.215380 10.12.186.117.3251 > 10.12.34.101.80: S
16:10:17.215549 10.12.34.101.80 > 10.12.186.117.3251: S ack
16:10:17.258298 10.12.186.117.3251 > 10.12.34.101.80: . ack
16:10:17.259777 10.12.186.117.3251 > 10.12.34.101.80: P
16:10:17.268473 10.12.34.101.80 > 10.12.186.117.3251: P
16:10:17.377288 10.12.186.117.3251 > 10.12.34.101.80: . ack
16:10:22.128357 10.12.186.117.3251 > 10.12.34.101.80: F
16:10:22.128465 10.12.34.101.80 > 10.12.186.117.3251: . ack
16:10:22.129321 10.12.34.101.80 > 10.12.186.117.3251: F
16:10:22.153859 10.12.186.117.3251 > 10.12.34.101.80: . ack

Now, if your firewall is changing the source port or destination port of
your packets back to the other network to something other than what they
should be you will have a problem.  Regardless of what the source and
destination ports are they should not be dropped by the router unless the
router is running acls.  If this router is not running any acls then the
traffic should be refused by the internal client on the other network not
the router.  If the router is running acls then there may also be a problem
with the way the router is configured.  My best suggestion is to run a
sniffer (tcpdump etc.) on your firewall network and on his router network
and see what the packets are saying.

Regards,
Jeffery Gieser
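The check the message recommends (sniff on both sides and see whether reply packets mirror the original connection) can be partly automated. The following is an added example, not part of the thread: it parses tcpdump lines in the format shown above and flags any packet whose addresses and ports are not an exact mirror of a known connection. The trace is constructed, and its last line is deliberately mis-addressed (reply to port 3252 instead of 3251) to show what a rewritten port looks like.

```python
import re

# Constructed sample in the tcpdump format used in the message:
# "HH:MM:SS.usec src_ip.port > dst_ip.port: flags".  The final line is a
# deliberately wrong reply (server answers port 3252, not 3251).
SAMPLE_TRACE = """\
16:10:17.215380 10.12.186.117.3251 > 10.12.34.101.80: S
16:10:17.215549 10.12.34.101.80 > 10.12.186.117.3251: S ack
16:10:17.258298 10.12.186.117.3251 > 10.12.34.101.80: . ack
16:10:17.259777 10.12.186.117.3251 > 10.12.34.101.80: P
16:10:17.268473 10.12.34.101.80 > 10.12.186.117.3252: P
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+>\s+(\d+\.\d+\.\d+\.\d+)\.(\d+):\s*(.*)$"
)

def parse_line(line):
    """Return (ts, src_ip, src_port, dst_ip, dst_port, flags) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, sip, sport, dip, dport, flags = m.groups()
    return ts, sip, int(sport), dip, int(dport), flags

def check_trace(text):
    """Group packets into conversations keyed by the tuple of the side that
    sent the SYN.  A reply belongs to a flow only if its source/destination
    pairs are swapped exactly; anything else is reported as stray, which is
    the symptom of a firewall or NAT rewriting ports on the way back."""
    flows = {}   # (client_ip, client_port, server_ip, server_port) -> packets
    stray = []   # packets that mirror no known flow
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        _, sip, sport, dip, dport, flags = pkt
        fwd = (sip, sport, dip, dport)
        rev = (dip, dport, sip, sport)
        if flags.startswith("S") and "ack" not in flags:
            flows[fwd] = flows.get(fwd, 0) + 1   # bare SYN opens a flow
        elif fwd in flows:
            flows[fwd] += 1                       # client -> server
        elif rev in flows:
            flows[rev] += 1                       # server -> client, mirrored
        else:
            stray.append(line.strip())
    return flows, stray
```

Run it on a capture from each side of the firewall; a reply showing up as stray on one side but not the other is the port rewrite the message warns about.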
