Firewall Wizards mailing list archives

Re: port designation question


From: Mad Cap <tyme () dreams res cmu edu>
Date: Wed, 10 Feb 1999 23:35:07 -0500 (EST)

On Wed, 10 Feb 1999, Kertesz Imre wrote:

> Applications that use reserved ports, such as e-mail and telnet clients,
> will not have a problem traversing a firewall. The request and
> corresponding reply will use a pre-determined port that the firewall
> will allow.

> However, applications that do not use reserved ports are assigned a port
> from an available pool of ports. The request traverses the firewall but
> the response will be blocked (provided the firewall is tight).

How will the response be blocked?  The firewall initiates a connection to
the server somewhere on the internet, and receives packets back.  It's up
to the internal configuration how that packet gets back to the internal
host that originated the connection.

> Is there a way to force the application to use a particular outbound
> port so that the firewall can be configured to open only that port?

Are you assuming the firewall won't accept connections from internal hosts
unless the source port is "registered", i.e. has been configured to be
accepted?  Almost all outgoing connections from a computer use fairly
random non-privileged ports, so I don't see how this example, if I have it
correct, would work in any capacity.

Where do you see the problem?  In the firewall <--> external server
connection or the firewall <--> internal host connection?

Justin
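As an added illustration (not part of the original thread), a small Python model of the stateful behaviour Justin describes: the firewall records the ephemeral source port of each outbound connection and admits only replies that match it, so no fixed outbound port has to be opened. The addresses, port list and packets below are constructed for the example.

```python
# Added example, not from the original thread: a minimal stateful filter
# showing why replies to connections from random ephemeral source ports
# get back through a "tight" firewall without opening those ports.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

INTERNAL_NET = "10.0.0."        # constructed sample internal network
ALLOWED_DPORTS = {23, 25, 80}   # services internal hosts may reach outward


class StatefulFirewall:
    """Tracks outbound TCP connections and admits only matching replies."""

    def __init__(self):
        # entries: (internal_host, ephemeral_port, server, server_port)
        self.state = set()

    def is_internal(self, ip):
        return ip.startswith(INTERNAL_NET)

    def filter(self, pkt):
        # Outbound from inside: allow if the destination service is permitted,
        # and on a new connection (SYN) remember the random source port.
        if self.is_internal(pkt.src) and not self.is_internal(pkt.dst):
            if pkt.dport not in ALLOWED_DPORTS:
                return "DROP"
            if pkt.flags == "SYN":
                self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        # Inbound from outside: allow only if it answers a tracked connection.
        if not self.is_internal(pkt.src) and self.is_internal(pkt.dst):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "ACCEPT" if key in self.state else "DROP"
        return "DROP"


def demo():
    fw = StatefulFirewall()
    # Internal host opens SMTP to an outside server from ephemeral port 40123.
    out = fw.filter(Packet("10.0.0.5", 40123, "192.0.2.10", 25, "SYN"))
    reply = fw.filter(Packet("192.0.2.10", 25, "10.0.0.5", 40123, "SYN-ACK"))
    # Unsolicited inbound to the same ephemeral port from a different host.
    stray = fw.filter(Packet("198.51.100.7", 25, "10.0.0.5", 40123, "SYN"))
    # Outbound to a service port the policy does not permit.
    blocked = fw.filter(Packet("10.0.0.5", 40124, "192.0.2.10", 6667, "SYN"))
    return out, reply, stray, blocked


if __name__ == "__main__":
    print(demo())  # ('ACCEPT', 'ACCEPT', 'DROP', 'DROP')
```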

