Solved

Syslog, NAT, and statefulness

Posted on 2006-07-07
Last Modified: 2007-02-12
I wanted to get a second opinion.

I have an internal address of X.  It appears to be stateful from the syslogs.
I have an external address of Y.  It too appears to be stateful.

There are X connections to Y on a port.  This seems normal.
There are Y connections to X on the same port.  Is this normal if you don't allow inbound access with stateful connections?

Here is the sanitized syslog message
Built outbound TCP connection 5425442354 for faddr Y/some port gaddr X/some port laddr X/some port
Question by:awakenings

Expert Comment

by:rsivanandan
ID: 17063747
Sounds like a puzzle? Can you explain a bit more? And remove the X and Y if possible, and tell us the problem and network scenario?

Cheers,
Rajesh

Author Comment

by:awakenings
ID: 17064618
Rajesh,

    Assume X is 10.0.0.5.  Assume Y is 54.27.32.54.  These IPs are sanitized.  To go from X to Y there is a NAT translation and the connection is stateful.  This scenario is simple.  I'm analysing the connectivity from X to Y and trying to determine if there is an inbound connection as well.

Assisted Solution

by:rsivanandan
rsivanandan earned 250 total points
ID: 17064770
When we say a connection is established, it is two-way. Say this is a telnet connection:

X (random port)----------------------Y (23)

So in your translation, you will see this. For the communication to work, the traffic will be flowing in both directions. X sends some commands, which go through the link to Y and are also echoed at your terminal. If there is a result for your command, that is also sent back from Y to X to display on your terminal. All this is in the case of telnet. The same applies for any kind of connection. If this is what you meant, then you are correct.

Other than that, if there is a translation entry for a service specific to a destination, then this entry can also be used by another host in some NAT implementations. But that itself is a big story. If you want to know about this, let me know and I'll put in some more info.

Cheers,
Rajesh

Accepted Solution

by:r_naren22atyahoo
r_naren22atyahoo earned 250 total points
ID: 17069987
>>>Assume X is 10.0.0.5.  Assume Y is 54.27.32.54.  These IPs are sanitized.  To go from X to Y there is a NAT translation and the connection is stateful.  This scenario is simple.  I'm analysing the connectivity from X to Y and trying to determine if there is an inbound connection as well.

You mean the inbound connection here:


X------>Firewall-------->54.27.32.54
                        <---
                         Inbound connection

Of course there will be inbound connections here; however, they are on a random port generated by the firewall and only open to the session created by the firewall. This random port will be from 1024 to 65 thousand.
The inbound connections are required for replies.




Expert Comment

by:r_naren22atyahoo
ID: 17070242
thanks :)
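An added example, not part of the original thread or any poster's code: one way to answer the question from the logs themselves is to group the "Built" messages by address pair and read the direction word. It assumes the firewall writes one "Built" message per connection, naming the direction of the side that opened it, so reply traffic inside an existing session adds no "Built inbound" line; the sample lines, ports, connection ids and the NAT address 192.0.2.10 are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the message format quoted in the question. 10.0.0.5 and
# 54.27.32.54 are the thread's sanitized X and Y; ids, ports and the NAT
# address 192.0.2.10 are made up for illustration.
SAMPLE_LOG = """\
Built outbound TCP connection 1001 for faddr 54.27.32.54/443 gaddr 192.0.2.10/31022 laddr 10.0.0.5/31022
Built outbound TCP connection 1002 for faddr 54.27.32.54/443 gaddr 192.0.2.10/31023 laddr 10.0.0.5/31023
Built inbound TCP connection 1003 for faddr 54.27.32.54/40112 gaddr 192.0.2.10/443 laddr 10.0.0.5/443
Teardown TCP connection 1001 faddr 54.27.32.54/443 gaddr 192.0.2.10/31022 laddr 10.0.0.5/31022
Built outbound TCP connection 1004 for faddr 198.51.100.7/80 gaddr 192.0.2.10/31024 laddr 10.0.0.5/31024
"""

BUILT_RE = re.compile(
    r"Built (?P<direction>inbound|outbound) TCP connection (?P<conn_id>\d+) for "
    r"faddr (?P<faddr>[\d.]+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>[\d.]+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>[\d.]+)/(?P<lport>\d+)"
)

def parse_built(line):
    """Return the fields of one 'Built' message, or None for any other line."""
    m = BUILT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("conn_id", "fport", "gport", "lport"):
        rec[key] = int(rec[key])
    return rec

def directions_by_pair(log_text):
    """Group 'Built' records by (laddr, faddr) and by logged direction."""
    pairs = defaultdict(lambda: {"inbound": [], "outbound": []})
    for line in log_text.splitlines():
        rec = parse_built(line)
        if rec is not None:
            pairs[(rec["laddr"], rec["faddr"])][rec["direction"]].append(rec)
    return dict(pairs)

def inbound_initiated(log_text, local, foreign):
    """'Built inbound' records for this pair: sessions opened from the foreign side."""
    empty = {"inbound": [], "outbound": []}
    return directions_by_pair(log_text).get((local, foreign), empty)["inbound"]

if __name__ == "__main__":
    for (local, foreign), d in directions_by_pair(SAMPLE_LOG).items():
        print(f"{local} <-> {foreign}: {len(d['outbound'])} built outbound, "
              f"{len(d['inbound'])} built inbound")
    for rec in inbound_initiated(SAMPLE_LOG, "10.0.0.5", "54.27.32.54"):
        print(f"review: connection {rec['conn_id']} from {rec['faddr']} to port {rec['lport']}")
```

A pair that shows only "Built outbound" lines had no session opened from the outside; any "Built inbound" record is worth checking against the firewall's permitted inbound rules and static translations.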
