Re: Firewalls and ephemeral ports
If Unix does it incrementally, you are lucky and need only open a range of
ports in your f/w; otherwise you are in a problem (unless you decide to
turn it off :) ). BTW, both of those you can do programmatically.
Arkady

"Mark Perschbacher" <MarkPerschbacher@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:65B4AAB2-E6EF-47D8-BA13-560169C697D5@xxxxxxxxxxxxxxxx
> Sorry for the confusion, we are using TCP. What is happening is the UNIX
> server is incrementing its local ports as we send sequential data, and the
> firewall is seeing ACKs coming back toward us with the same destination
> address, but different sending port numbers, and is blocking them.
>
> "Phil Frisbie, Jr." wrote:
>
>> Mark Perschbacher wrote:
>>
>> > Several months ago, I posted a question about an issue I am having with a
>> > tcp/ip connection between our W2003 server and a UNIX box. The issue is the
>> > UNIX side sits behind a firewall which is blocking data transmission because
>> > of the ephemeral port connection, i.e., a datagram is sent on port x, the
>> > next is on port x2, the firewall sees this change and blocks it. It is a
>> > global setting on the firewall. I just read that ftp connections can be
>> > configured in passive mode. Can this be done for tcp/ip?
>>
>> Which TCP/IP protocol are you using? UDP or TCP?
>>
>> At first you refer to a connection which would lead me to think you are
>> using TCP, but then you talk about datagrams which are UDP, so please
>> explain more!
>>
>> And I still have no idea why you think firewall blocking has anything to
>> do with ephemeral ports.
>>
>> --
>> Phil Frisbie, Jr.
>> Hawk Software
>> http://www.hawksoft.com
>>
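As an added example (not part of the thread, and not code from either poster) of why the firewall in the question behaves this way: each new TCP connection from the Unix box gets its own ephemeral source port, so the server's ACKs come back to a different port each time. A rule that only admits a fixed port range (the option discussed above) fails once the ephemeral port leaves that range, while a connection-tracking filter keyed on the full 4-tuple learned from the outbound SYN admits the replies without opening a range at all. The addresses, ports and packets below are constructed in memory; nothing touches the network.

```python
# Added example, not from the thread: contrast a stateless port-range rule
# with a stateful connection tracker for the ephemeral-port problem above.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def range_filter(allowed_ports, inbound):
    """Stateless rule: admit an inbound packet only if its destination port
    (the client's ephemeral port) is inside the opened range."""
    return [p.dport in allowed_ports for p in inbound]


class StatefulFilter:
    """Connection tracker: an outbound SYN records the 4-tuple; an inbound
    packet is admitted only if it is the reverse of a tracked connection."""

    def __init__(self):
        self.table = set()

    def outbound(self, p):
        if p.syn and not p.ack:
            self.table.add((p.src, p.sport, p.dst, p.dport))

    def inbound(self, p):
        return (p.dst, p.dport, p.src, p.sport) in self.table


def simulate(ephemeral_ports, allowed_ports):
    """Client opens one connection per ephemeral port; server replies with an ACK
    to each. Returns (range-filter verdicts, stateful-filter verdicts)."""
    client, server = "10.0.0.5", "192.0.2.10"  # constructed addresses
    fw, inbound = StatefulFilter(), []
    for sport in ephemeral_ports:
        fw.outbound(Packet(client, sport, server, 8080, syn=True))
        inbound.append(Packet(server, 8080, client, sport, ack=True))
    return range_filter(allowed_ports, inbound), [fw.inbound(p) for p in inbound]


if __name__ == "__main__":
    # Ports climb past the opened range; the range rule starts dropping ACKs.
    print(simulate([49152 + i for i in range(5)], {49152, 49153}))
```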