Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Syslog, NAT, and statefulness

Posted on 2006-07-07
5
474 Views
Last Modified: 2007-02-12
I wanted to get a second opinion.

I have an internal address of X.  It appears to be stateful from the syslogs.
I have an external address of Y.  It too appears to be stateful.

There are X connections to Y on a port.  This seems normal.
There are Y connections to X on the same port.  Is this normal if you don't allow inbound access with stateful connections?

Here is the sanitized syslog message
Built outbound TCP connection 5425442354 for faddr Y/some port gaddr X/some port laddr X/some port
0
Comment
Question by:awakenings
  • 2
  • 2
5 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17063747
Sounds like a puzzle ? Can you explain a bit more ? and remove the X and Y if possible, tell the problem and network scenario ?

Cheers,
Rajesh
0
 

Author Comment

by:awakenings
ID: 17064618
Rajesh,

    Assume X is 10.0.0.5.  Assume Y is 54.27.32.54.  These IP's are sanitized  To go from X to Y there is a NAT translation and the connection is stateful.  In this scenario is simple.  I'm analysing the connectivity from X to Y and trying to determine if there is an inbound connection as well.
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 250 total points
ID: 17064770
When we say a connection is established, it is 2 way; Say this is telnet connection;

X (random port)----------------------Y (23)

So in your translation, you will see this; For the communication to work the traffic will be flowing in both directions. X sends some commands which goes through the link to Y, and also echoed at your terminal. If there is a result for your command, that also is sent back from Y to X to display on your terminal. All this in case of telnet. Same applies for any kind of connections. If this is what you meant, then you are correct.

Other than that, if there is a translation entry for a service specific to a destination, then this entry can be used by another host also in some NAT implementations. But that itself is a big story. If you want to know about this let know and I'll put some more info.

Cheers,
Rajesh
0
 
LVL 12

Accepted Solution

by:
r_naren22atyahoo earned 250 total points
ID: 17069987
>>>Assume X is 10.0.0.5.  Assume Y is 54.27.32.54.  These IP's are sanitized  To go from X to Y there is a NAT translation and the connection is >>>stateful.  In this scenario is simple.  I'm analysing the connectivity from X to Y and trying to determine if there is an inbound connection as well.

you mean the inbond connection here


X------>Firewall-------->54.27.32.54
                        <---
                         Inbond connection

Offcource there will be inbond connections here, however they are on random port generated by firewall and only open to the session created by the firewall. this random port will be from 1024 to 65 thousand
the inbond connections are required for replys



0
 
LVL 12

Expert Comment

by:r_naren22atyahoo
ID: 17070242
thanks :)
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question