Firewall Wizards mailing list archives
Re: port designation question
From: Mad Cap <tyme () dreams res cmu edu>
Date: Wed, 10 Feb 1999 23:35:07 -0500 (EST)
On Wed, 10 Feb 1999, Kertesz Imre wrote:
> Applications that use reserved ports, such as e-mail and telnet clients, will not have a problem traversing a firewall. The request and corresponding reply will use a pre-determined port that the firewall will allow.
> However, applications that do not use reserved ports are assigned a port from an available pool of ports. The request traverses the firewall but the response will be blocked (provided the firewall is tight).

How will the response be blocked? The firewall initiates a connection to the server somewhere on the internet, and receives packets back. It's up to the internal configuration how that packet gets back to the internal host that originated the connection.

> Is there a way to force the application to use a particular outbound port so that the firewall can be configured to open only that port?

Are you assuming the firewall won't accept connections from internal hosts unless the source port is "registered", i.e. has been configured to be accepted? Almost all outgoing connections from a computer use fairly random non-privileged ports, so I don't see how this example, if I have it correct, would work in any capacity. Where do you see the problem? In the firewall <--> external server connection or the firewall <--> internal host connection?

Justin
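
The exchange above turns on which source port a client uses and whether it can be pinned. As an added example that is not part of the original post, this Python code runs a loopback server that reports the source port it saw, then connects once with an OS-assigned port and once with a port fixed by calling bind() before connect(). The function names and the loopback setup are assumptions made for illustration.

```python
import socket
import threading

def start_echo_server():
    """Loopback listener that tells each client which source port it saw."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # any free listening port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:
                return                   # listener was closed
            with conn:
                conn.sendall(str(peer[1]).encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv

def connect_and_report(server_addr, source_port=None):
    """Return (local source port, source port the server saw)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        if source_port is not None:
            # Pin the outbound port: bind() must happen before connect().
            c.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            c.bind(("127.0.0.1", source_port))
        c.settimeout(5)
        c.connect(server_addr)           # without bind(), the OS picks the port
        local = c.getsockname()[1]
        return local, int(c.recv(16).decode())

def pick_free_port():
    """Ask the OS for a currently unused port (constructed sample value)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo():
    srv = start_echo_server()
    addr = srv.getsockname()
    ephemeral = connect_and_report(addr)            # OS-assigned source port
    fixed_port = pick_free_port()
    fixed = connect_and_report(addr, fixed_port)    # pinned source port
    srv.close()
    return ephemeral, fixed_port, fixed

if __name__ == "__main__":
    print(demo())
```

In both cases the reply comes back on the same connection to whatever source port the client used. A pinned source port also limits the client to one connection at a time to a given server address and port.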