Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Syslog, NAT, and statefulness

Posted on 2006-07-07
Medium Priority
Last Modified: 2007-02-12
I wanted to get a second opinion.

I have an internal address of X.  It appears to be stateful from the syslogs.
I have an external address of Y.  It too appears to be stateful.

There are X connections to Y on a port.  This seems normal.
There are Y connections to X on the same port.  Is this normal if you don't allow inbound access with stateful connections?

Here is the sanitized syslog message
Built outbound TCP connection 5425442354 for faddr Y/some port gaddr X/some port laddr X/some port
Question by:awakenings
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 32

Expert Comment

ID: 17063747
Sounds like a puzzle ? Can you explain a bit more ? and remove the X and Y if possible, tell the problem and network scenario ?


Author Comment

ID: 17064618

    Assume X is  Assume Y is  These IP's are sanitized  To go from X to Y there is a NAT translation and the connection is stateful.  In this scenario is simple.  I'm analysing the connectivity from X to Y and trying to determine if there is an inbound connection as well.
LVL 32

Assisted Solution

rsivanandan earned 1000 total points
ID: 17064770
When we say a connection is established, it is 2 way; Say this is telnet connection;

X (random port)----------------------Y (23)

So in your translation, you will see this; For the communication to work the traffic will be flowing in both directions. X sends some commands which goes through the link to Y, and also echoed at your terminal. If there is a result for your command, that also is sent back from Y to X to display on your terminal. All this in case of telnet. Same applies for any kind of connections. If this is what you meant, then you are correct.

Other than that, if there is a translation entry for a service specific to a destination, then this entry can be used by another host also in some NAT implementations. But that itself is a big story. If you want to know about this let know and I'll put some more info.

LVL 12

Accepted Solution

r_naren22atyahoo earned 1000 total points
ID: 17069987
>>>Assume X is  Assume Y is  These IP's are sanitized  To go from X to Y there is a NAT translation and the connection is >>>stateful.  In this scenario is simple.  I'm analysing the connectivity from X to Y and trying to determine if there is an inbound connection as well.

you mean the inbond connection here

                         Inbond connection

Offcource there will be inbond connections here, however they are on random port generated by firewall and only open to the session created by the firewall. this random port will be from 1024 to 65 thousand
the inbond connections are required for replys

LVL 12

Expert Comment

ID: 17070242
thanks :)

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question