Bilal Muddassir wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> salam
>
> This is not a Linux question, but since a Linux host can act as a
> router as well as a gateway, kindly ponder and give me the right
> concept.
>
> 1. Once I talked to an ISP in Lahore http://www.wol.net.pk and asked
> why I can't read mails off my POP3 account at their server if I am not
> connected to their service. They answered that they had blocked the
> port 110 access at their main router.
>

It is possible.

>
> 2. Browsing a book on networking, I came across an explanation. A
> network router is different from a network bridge. A bridge does not
> have the network layer or the IP layer in it and the router has this
> layer inside it. So it can compute/decide on the basis of IP
> datagrams.

>
> 3. My networking teacher taught the other day in the class that
> "...the router would never look inside the payload of the IP
> datagram, would just play with the header of the IP datagram and do
> this and that..."

A router can even look inside the TCP/UDP header. This depends on the type of
router being used.

>
> I am confused now. Cisco certified people, kindly explain to me. If
> the router won't look at what payload the respective IP datagram is
> carrying, how can statement no. 1 be true? My poor knowledge says
> the port numbers are only visible inside the TCP segment.

It is possible for a router to filter IP packets based on TCP/UDP port
number. I have seen at least one example of blocking IP packets destined to
port 80 (HTTP).

An IP packet is
    ____________________________________
   | IP source and destination address  |
   | UDP/TCP                            |  IP header
   | ...... other information           |
   |____________________________________|
   | TCP/UDP source and destination     |
   | address and other information      |  TCP/UDP header
   |____________________________________|
   | data....                           |  Data
   |                                    |
   | ....                               |
   |____________________________________|

All routers make use of the IP header. The IP header gives the information
whether the data is UDP or TCP. It is very easy to get the source/destination
port number at a predefined offset from the TCP/UDP header and make a decision
based on the port number (deny/allow).

There is some problem in using a filter based on source port number, but the
destination TCP port number can very easily be used in routers. This
approach doesn't work properly if IP packet fragmentation takes place at
some intermediate router and the port number filter is applied on fragmented IP
packets. I don't want to go into too much detail about packet filters, but 1 is
true.

DIPAK

>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBN+19bzhSyRD6/TF5EQJSsQCaArRMrhAd8CiurRhM3sAn6BJAFkwAnjlU
> j2QbDbEUAEBWvW8qdfNtm2sw
> =H1U9
> -----END PGP SIGNATURE-----
>
> --------------------------------------------------------------------
> For more information on Linux in India visit http://www.linux-india.org/
> The Linux India mailing list does not accept postings in HTML format.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     E-Mail: [EMAIL PROTECTED] or [EMAIL PROTECTED]
   HomePage: http://members.xoom.com/dipak

  R.Address: P-301, Sector 21, NOIDA-201301
    O.Phone: (0118)510701/02
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
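
The check described in the reply above (protocol from the IP header, then the destination port at a fixed offset in the TCP/UDP header, with the fragmentation caveat), as an added example that is not part of the original thread. The packets, addresses and function names are constructed for illustration.

```python
import struct

TCP, UDP = 6, 17

def build_ipv4(proto, payload, frag_offset=0, more_frags=False):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) + payload."""
    flags_frag = (0x2000 if more_frags else 0) | frag_offset
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                      flags_frag, 64, proto, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return hdr + payload

def tcp_header(src_port, dst_port):
    """Constructed 20-byte TCP header with only the ports and SYN flag set."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 0x02,
                       8192, 0, 0)

def filter_decision(packet, blocked_dst_ports):
    """Return 'deny', 'allow' or 'no-ports' for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "deny"                    # not a well-formed IPv4 packet
    ihl = (packet[0] & 0x0F) * 4         # IP header length in bytes
    proto = packet[9]                    # protocol field: 6 = TCP, 17 = UDP
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto not in (TCP, UDP):
        return "allow"                   # no port concept to filter on
    if frag_offset != 0:
        return "no-ports"                # later fragment: TCP/UDP header absent
    if ihl < 20 or len(packet) < ihl + 4:
        return "deny"                    # too short to hold the port fields
    _src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return "deny" if dst_port in blocked_dst_ports else "allow"

def sample_packets():
    """Constructed packets: POP3, HTTP, and a non-first fragment of POP3 data."""
    return {
        "pop3": build_ipv4(TCP, tcp_header(40000, 110)),
        "http": build_ipv4(TCP, tcp_header(40001, 80)),
        "pop3_first_frag": build_ipv4(TCP, tcp_header(40000, 110) + b"RETR",
                                      more_frags=True),
        "pop3_later_frag": build_ipv4(TCP, b" 1\r\n" + b"x" * 4, frag_offset=3),
    }

if __name__ == "__main__":
    for name, pkt in sample_packets().items():
        print(name, filter_decision(pkt, {110}))
```

The `no-ports` result is the fragmentation problem in practice: the filter has to decide what to do with later fragments (drop them, reassemble first, or track the first fragment's verdict) because the port number is simply not in them.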

