Re: Firewalls and ephemeral ports




If this is a single TCP connection, you need to complain to that
UNIX vendor as this violates the TCP protocol. However,
this just makes no sense... Do you care to elaborate more on
your protocol? I suspect there are multiple TCP connections
involved...

--
=====================================
Alexander Nickolov
Microsoft MVP [VC], MCSD
email: agnickolov@xxxxxxxx
MVP VC FAQ: http://www.mvps.org/vcfaq
=====================================

"Mark Perschbacher" <MarkPerschbacher@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:65B4AAB2-E6EF-47D8-BA13-560169C697D5@xxxxxxxxxxxxxxxx
> Sorry for the confusion, we are using TCP. What is happening is the UNIX
> server is incrementing its local ports as we send sequential data, and the
> firewall is seeing ACKs coming back toward us with the same destination
> address, but different sending port numbers, and is blocking them.
>
> "Phil Frisbie, Jr." wrote:
>
>> Mark Perschbacher wrote:
>>
>> > Several months ago, I posted a question about an issue I am having with a
>> > TCP/IP connection between our W2003 server and a UNIX box. The issue is the
>> > UNIX side sits behind a firewall which is blocking data transmission because
>> > of the ephemeral port connection, i.e., a datagram is sent on port x, the next
>> > is on port x2, the firewall sees this change and blocks it. It is a global
>> > setting on the firewall. I just read that FTP connections can be configured
>> > in passive mode. Can this be done for TCP/IP?
>>
>> Which TCP/IP protocol are you using? UDP or TCP?
>>
>> At first you refer to a connection which would lead me to think you are using
>> TCP, but then you talk about datagrams which are UDP, so please explain more!
>>
>> And I still have no idea why you think firewall blocking has anything to do with
>> ephemeral ports.
>>
>> --
>> Phil Frisbie, Jr.
>> Hawk Software
>> http://www.hawksoft.com
>>
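
Added example, not part of the original thread: one way to settle the "one TCP connection or several" question raised above is to group a packet capture by endpoint pair and check which flows ever showed a SYN. The capture lines, addresses and port numbers below are constructed for illustration.

```python
import re

# Constructed sample in `tcpdump -nn` text format; addresses are documentation
# ranges and port 5000 is an assumed service port, none of it from the thread.
SAMPLE = """\
12:00:00.000100 IP 198.51.100.7.49152 > 192.0.2.10.5000: Flags [S], seq 100, length 0
12:00:00.000900 IP 192.0.2.10.5000 > 198.51.100.7.49152: Flags [S.], seq 900, ack 101, length 0
12:00:00.001000 IP 198.51.100.7.49152 > 192.0.2.10.5000: Flags [.], ack 901, length 0
12:00:00.002000 IP 198.51.100.7.49152 > 192.0.2.10.5000: Flags [P.], seq 101:613, ack 901, length 512
12:00:00.002700 IP 192.0.2.10.5000 > 198.51.100.7.49152: Flags [.], ack 613, length 0
12:00:00.003000 IP 198.51.100.7.49152 > 192.0.2.10.5000: Flags [P.], seq 613:1125, ack 901, length 512
12:00:00.003800 IP 192.0.2.10.5001 > 198.51.100.7.49152: Flags [.], ack 1125, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")


def flows(capture):
    """Group segments by connection: the unordered pair of (ip, port) endpoints."""
    table = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src = (m.group(1), int(m.group(2)))
        dst = (m.group(3), int(m.group(4)))
        key = tuple(sorted((src, dst)))
        entry = table.setdefault(key, {"segments": 0, "syn": False})
        entry["segments"] += 1
        entry["syn"] = entry["syn"] or "S" in m.group(5)
    return table


def flows_without_handshake(capture):
    """Flows with no SYN in the capture. A stateful firewall has no connection
    entry for these and drops them. A capture that starts mid-connection also
    lands here, so capture from before the connection opens."""
    return [key for key, e in flows(capture).items() if not e["syn"]]


if __name__ == "__main__":
    for key, e in flows(SAMPLE).items():
        print(key, e)
    print("no handshake seen:", flows_without_handshake(SAMPLE))
```

If every port change lines up with its own SYN exchange, the application is opening multiple connections; a flow that appears with no handshake is the case the firewall in the thread would block.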

