• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 508

Syslog, NAT, and statefulness

I wanted to get a second opinion.

I have an internal address of X.  It appears to be stateful from the syslogs.
I have an external address of Y.  It too appears to be stateful.

There are X connections to Y on a port.  This seems normal.
There are Y connections to X on the same port.  Is this normal if you don't allow inbound access with stateful connections?

Here is the sanitized syslog message:

    Built outbound TCP connection 5425442354 for faddr Y/some port gaddr X/some port laddr X/some port
Asked by: awakenings
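The syslog line in the question is the PIX/ASA "Built {inbound|outbound} TCP connection" message. The word after "Built" records which side sent the SYN: an "outbound" line means the local host (laddr) opened the connection and the foreign host (faddr) is merely the responder, even though faddr's address and port appear in the same line. The following is an added example, not code from the thread, that parses a small constructed log in that layout and counts, for the X/Y pair, how many connections each side actually opened. Assumptions: faddr is the foreign address, gaddr the global (mapped) address and laddr the local (real) address, as documented for message 302013; the mapped address 203.0.113.10 and all port numbers are made up; the single "Built inbound" line is included only so the classifier has something to distinguish (a site that allows no inbound access would show none).

```python
import re
from collections import Counter

# Constructed sample log (not from the thread) in the "Built ... connection"
# layout quoted in the question. The question's sanitized addresses are reused:
# 10.0.0.5 is the inside host, 54.27.32.54 the outside host, and 203.0.113.10
# is an assumed mapped (gaddr) address chosen by the firewall for PAT.
SAMPLE_LOG = """\
Built outbound TCP connection 5425442354 for faddr 54.27.32.54/443 gaddr 203.0.113.10/1024 laddr 10.0.0.5/51234
Built outbound TCP connection 5425442355 for faddr 54.27.32.54/443 gaddr 203.0.113.10/1025 laddr 10.0.0.5/51235
Teardown TCP connection 5425442354 faddr 54.27.32.54/443 gaddr 203.0.113.10/1024 laddr 10.0.0.5/51234 duration 0:00:12 bytes 8192 (TCP FINs)
Built inbound TCP connection 5425442360 for faddr 54.27.32.54/40021 gaddr 203.0.113.10/443 laddr 10.0.0.5/443
"""

BUILT_RE = re.compile(
    r"Built (?P<direction>inbound|outbound) (?P<proto>TCP|UDP) connection (?P<conn_id>\d+) "
    r"for faddr (?P<faddr>[\d.]+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>[\d.]+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>[\d.]+)/(?P<lport>\d+)"
)


def parse_built(line):
    """Return a dict for a 'Built ... connection' line, or None for any other line."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    c = m.groupdict()
    for k in ("fport", "gport", "lport"):
        c[k] = int(c[k])
    # The direction word says who sent the SYN. 'outbound' means the local host
    # opened the connection, so the foreign host is the responder even though its
    # address is printed in the line; 'inbound' means the foreign host opened it.
    if c["direction"] == "outbound":
        c["initiator"], c["responder"] = (c["laddr"], c["lport"]), (c["faddr"], c["fport"])
    else:
        c["initiator"], c["responder"] = (c["faddr"], c["fport"]), (c["laddr"], c["lport"])
    # gaddr differing from laddr means the connection went through a translation.
    c["translated"] = (c["gaddr"], c["gport"]) != (c["laddr"], c["lport"])
    return c


def summarize(log_text, local_ip, foreign_ip):
    """Count connections between local_ip and foreign_ip by which side opened them."""
    conns = [c for c in map(parse_built, log_text.splitlines()) if c]
    pair = [c for c in conns if {c["laddr"], c["faddr"]} == {local_ip, foreign_ip}]
    opened_by = Counter(c["initiator"][0] for c in pair)
    return {
        "total": len(pair),
        "opened_by_local": opened_by[local_ip],
        "opened_by_foreign": opened_by[foreign_ip],
        "translated": sum(c["translated"] for c in pair),
        # Local ports that the foreign host was allowed to connect to: these are the
        # only entries that represent real inbound access rather than reply traffic.
        "inbound_services": sorted({c["responder"][1] for c in pair if c["direction"] == "inbound"}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, "10.0.0.5", "54.27.32.54").items():
        print(f"{key}: {value}")
```

Run against the real export, the thing to look for is simply whether any "Built inbound" line names the internal host as laddr; "Built outbound" lines mentioning Y are connections X opened, and the Y-to-X packets inside them are replies matched against that state.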
2 Solutions
 
rsivanandan commented:
Sounds like a puzzle? Can you explain a bit more, remove the X and Y if possible, and describe the problem and the network scenario?

Cheers,
Rajesh

awakenings (Author) commented:
Rajesh,

    Assume X is 10.0.0.5. Assume Y is 54.27.32.54. These IPs are sanitized. To go from X to Y there is a NAT translation and the connection is stateful. This scenario is simple. I'm analysing the connectivity from X to Y and trying to determine if there is an inbound connection as well.

rsivanandan commented:
When we say a connection is established, it is two-way. Say this is a telnet connection:

X (random port)----------------------Y (23)

So in your translation, you will see this. For the communication to work, the traffic will be flowing in both directions. X sends some commands, which go through the link to Y and are also echoed at your terminal. If there is a result for your command, that is also sent back from Y to X to display on your terminal. All this is in the case of telnet; the same applies to any kind of connection. If this is what you meant, then you are correct.

Other than that, if there is a translation entry for a service specific to a destination, then in some NAT implementations this entry can also be used by another host. But that itself is a big story. If you want to know about this, let me know and I'll put up some more info.

Cheers,
Rajesh

r_naren22atyahoo commented:
>>> Assume X is 10.0.0.5. Assume Y is 54.27.32.54. These IPs are sanitized. To go from X to Y there is a NAT translation and the connection is stateful. This scenario is simple. I'm analysing the connectivity from X to Y and trying to determine if there is an inbound connection as well.

You mean the inbound connection here:


X------>Firewall-------->54.27.32.54
                        <---
                         Inbond connection

Of course there will be inbound connections here; however, they are on a random port generated by the firewall and only open to the session created by the firewall. This random port will be from 1024 up to 65 thousand.
The inbound connections are required for replies.

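The point made in the two answers above (reply packets from Y are accepted only because they match state the firewall created for X's outbound connection, and the mapped port is one the firewall hands out) can be shown with a small model. The following is an added example, not code from the thread or from any vendor: a toy stateful PAT gateway that translates outbound packets, builds a session entry, and then accepts inbound packets only when they match that entry. It also models the case Rajesh alludes to, where some NAT implementations let another host reuse an existing translation entry, as a `filtering` switch between address-and-port-dependent filtering (the strict default) and endpoint-independent filtering. Assumptions: the inside prefix 10.0.0., the outside address 203.0.113.10, the mapped-port range starting at 1024, and the `Packet` fields are all made up for the example; the log strings only imitate the "Built outbound" wording from the question.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for the first packet of a new TCP connection


class StatefulPat:
    """Toy model of a stateful PAT gateway (assumption: a generic model, not any
    vendor's implementation). Inside hosts get a firewall-chosen mapped port on
    the outside address; inbound packets are accepted only if they match state."""

    def __init__(self, inside_prefix="10.0.0.", outside_ip="203.0.113.10",
                 filtering="address-and-port-dependent", first_port=1024):
        self.inside_prefix = inside_prefix
        self.outside_ip = outside_ip
        self.filtering = filtering      # or "endpoint-independent"
        self.next_port = first_port     # mapped ports are handed out from 1024 upward
        self.mapping = {}               # (laddr, lport) -> mapped port on outside_ip
        self.sessions = set()           # (laddr, lport, faddr, fport) opened from inside
        self.log = []

    def forward(self, pkt):
        """Return ("ALLOW", translated_packet) or ("DROP", None)."""
        if pkt.src.startswith(self.inside_prefix):
            return self._outbound(pkt)
        return self._inbound(pkt)

    def _outbound(self, pkt):
        sess = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        built = sess not in self.sessions
        if built:
            if not pkt.syn:  # no state and not a connection attempt: nothing to match
                self.log.append(f"Deny outbound {pkt.src}/{pkt.sport} -> {pkt.dst}/{pkt.dport}: no state")
                return ("DROP", None)
            self.sessions.add(sess)
        # Allocate (or reuse) the firewall-chosen mapped port for this inside socket.
        key = (pkt.src, pkt.sport)
        if key not in self.mapping:
            self.mapping[key] = self.next_port
            self.next_port += 1
        gport = self.mapping[key]
        if built:
            self.log.append(f"Built outbound TCP connection for faddr {pkt.dst}/{pkt.dport} "
                            f"gaddr {self.outside_ip}/{gport} laddr {pkt.src}/{pkt.sport}")
        return ("ALLOW", replace(pkt, src=self.outside_ip, sport=gport))

    def _inbound(self, pkt):
        # Which inside socket, if any, owns the mapped port this packet is aimed at?
        local = next((k for k, g in self.mapping.items() if g == pkt.dport), None)
        if pkt.dst != self.outside_ip or local is None:
            self.log.append(f"Deny inbound {pkt.src}/{pkt.sport} -> {pkt.dst}/{pkt.dport}: no translation")
            return ("DROP", None)
        laddr, lport = local
        # Strict filtering: the remote socket must be the one the inside host talked to.
        if self.filtering == "address-and-port-dependent" and \
                (laddr, lport, pkt.src, pkt.sport) not in self.sessions:
            self.log.append(f"Deny inbound {pkt.src}/{pkt.sport} -> {pkt.dst}/{pkt.dport}: no matching session")
            return ("DROP", None)
        # Endpoint-independent filtering lets any remote host use the mapping.
        return ("ALLOW", replace(pkt, dst=laddr, dport=lport))


if __name__ == "__main__":
    fw = StatefulPat()
    fw.forward(Packet("10.0.0.5", 51234, "54.27.32.54", 443, syn=True))   # X opens to Y
    fw.forward(Packet("54.27.32.54", 443, "203.0.113.10", 1024))          # Y's reply: allowed
    fw.forward(Packet("54.27.32.54", 40021, "203.0.113.10", 443, syn=True))  # Y tries inbound: dropped
    fw.forward(Packet("198.51.100.7", 443, "203.0.113.10", 1024))         # stranger reuses port: dropped
    print("\n".join(fw.log))
```

The reply from Y arrives on the mapped port and is un-translated back to X's real socket; the same Y sending a fresh SYN to a service port, or a third host sending to the mapped port, is dropped because nothing in the state table matches. Only with `filtering="endpoint-independent"` does the third host get through, which is the behaviour Rajesh describes for some NAT implementations.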

r_naren22atyahoo commented:
thanks :)