Solved

Opening ports for an app - not getting 2 way communication - I THINK!

Posted on 2004-10-13
198 Views
Last Modified: 2010-04-09
Ok -
Here's the deal.  I have an application hosted in my company's hosting center.  They are set up with a private network - separate from the rest of the company.  They have external addresses that are NAT'd to an internal network - 10.x.x.x

I'm not sure of the version - but I know it's a late model PIX that's being used as the firewall.

So - my application needs ports 20000 and 20001 open.  They have opened the ports.  (I can actually test port 20000 by telnetting to it - and it gives me access)

Now the app vendor is telling me that the firewall config needs to be "tweaked" possibly with filters to ensure that the outgoing packets can get back through the firewall.  I just want to run this by you to see if that makes sense.  My hosting guy says that they don't do any "egress filtering".

Does this make sense that I'll need to have him add a specific command to allow these ports to get back out?  I'm not sure of the exact command he's using now - but when I saw it it was something like allow ports range 20000 200001, etc...

Thanks,
Question by:fixxman
4 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 63 total points
ID: 12302755
I'm guessing the app works by you sending stuff on 20000 and getting answers back on 20001.
Even if the vendor doesn't do egress filtering, you could still have problems in two places
o  Your own company's firewall might block the traffic because it doesn't know that the 20001 return traffic is associated with the call you made on 20000 and thinks this should be blocked
o  The NAT device (assuming the NAT isn't being done in the firewall) also might not know that the 20001 traffic is associated with the call you made on 20000 and not know where to send it

Firewalls and NAT devices typically have special code to deal with well known things that do such "backward" connections (such as active-mode FTP and H.323 telephony).

It may be very difficult to get them to handle other applications that do such evilness.
0
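The point in this answer is how a stateful firewall decides what to let back in: an outbound connection creates a flow entry, and an inbound packet is accepted only if it matches the reverse of a tracked flow or an explicit inbound rule. The following is an added illustration, not code from the thread or from any firewall vendor; it models that logic in a few lines with constructed addresses (client 10.0.0.5 behind the firewall, app server 203.0.113.10 outside) and shows why a fresh server-to-client connection on 20001 is dropped even though the client's own call on 20000 went through.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """A TCP/UDP packet reduced to the 5-tuple a firewall keys its state on."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFirewall:
    """Minimal model of stateful inspection (hypothetical, for illustration).

    Outbound packets (source inside the protected network) create a flow entry.
    Inbound packets are allowed only if they are the exact reverse of a tracked
    flow, or if an explicit inbound rule (proto, dst_ip, dst_port) permits them.
    """

    def __init__(self, inside_prefix="10.", inbound_rules=()):
        self.inside_prefix = inside_prefix
        self.inbound_rules = set(inbound_rules)
        self.flows = set()

    def _is_inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def process(self, pkt):
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if self._is_inside(pkt.src_ip):
            self.flows.add(key)            # outbound: remember the flow
            return "ALLOW:outbound"
        if reverse in self.flows:
            return "ALLOW:reply"           # inbound reply to a tracked flow
        if (pkt.proto, pkt.dst_ip, pkt.dst_port) in self.inbound_rules:
            return "ALLOW:rule"            # inbound, explicitly permitted
        return "DROP"                      # unsolicited inbound, nothing matched


CLIENT = "10.0.0.5"        # constructed: host behind the client-side firewall
SERVER = "203.0.113.10"    # constructed: hosted app server (documentation range)


def demo(with_inbound_rule=False):
    """Run the three packets the answer describes and return the verdicts."""
    rules = [("tcp", CLIENT, 20001)] if with_inbound_rule else []
    fw = StatefulFirewall(inbound_rules=rules)
    verdicts = [
        # 1. client calls the app on 20000 -> flow is tracked
        fw.process(Packet("tcp", CLIENT, 40000, SERVER, 20000)),
        # 2. normal reply on the same connection -> reverse tuple matches
        fw.process(Packet("tcp", SERVER, 20000, CLIENT, 40000)),
        # 3. server opens a NEW connection back to the client on 20001:
        #    different ports, so it is not the reverse of any tracked flow
        fw.process(Packet("tcp", SERVER, 51234, CLIENT, 20001)),
    ]
    return verdicts


if __name__ == "__main__":
    print("no inbound rule:  ", demo())
    print("with inbound rule:", demo(with_inbound_rule=True))
```

Run it and the third verdict flips from DROP to ALLOW:rule only when an explicit rule for the client's port 20001 is present, which is exactly why this kind of "backward" connection needs firewall-specific help (an ALG such as the ones for active FTP or H.323) or a static inbound permit, and why a NAT device in the path has the additional problem of not knowing which inside host the 20001 connection belongs to.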
 
LVL 1

Assisted Solution

by:JEEGO
JEEGO earned 62 total points
ID: 12309435
How about creating a STATIC NAT statement on the PIX using a dedicated external IP address & the internal IP address of the App Server. Then create an ACL for port 20000 and port 20001.

If this works then you can replace the STATIC NAT with a STATIC PAT, and check for functionality.

Although I have not run into exactly the same problem, I have experienced something quite similar with an SSL VPN device we were using to publish certain in-house applications.

Let me know the results.
0
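For readers who want to see what the suggestion above looks like in PIX 6.x syntax, here is an added configuration fragment; it is not from the thread or from the hosting provider's actual config. The addresses are placeholders (203.0.113.10 as the dedicated external address, 10.1.1.10 as the app server), the protocol is assumed to be TCP because the poster could telnet to port 20000, and the access-list name is arbitrary.

```cisco
! --- Step 1: one-to-one static NAT for the app server (placeholder addresses) ---
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255

! --- Step 2: permit only the two application ports inbound to that address ---
! Replace "any" with the known client source addresses if they are fixed;
! leaving it open exposes both ports to the whole Internet.
access-list outside_in permit tcp any host 203.0.113.10 eq 20000
access-list outside_in permit tcp any host 203.0.113.10 eq 20001
access-group outside_in in interface outside

! --- Optional: once the static NAT works, narrow it to static PAT so only
!     those two ports are translated (remove the one-to-one static first) ---
! static (inside,outside) tcp 203.0.113.10 20000 10.1.1.10 20000 netmask 255.255.255.255
! static (inside,outside) tcp 203.0.113.10 20001 10.1.1.10 20001 netmask 255.255.255.255
```

Two caveats for whoever applies this: the static NAT only covers connections arriving at the hosting side, so if the application really opens a second connection back to the client on 20001 (as the accepted answer guesses), the client's own firewall and NAT also need a matching inbound permit and translation; and after adding the entries, "show conn" and "show xlate" on the PIX will confirm whether the 20001 traffic is actually being translated and tracked rather than silently dropped.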