Solved

Syslog, NAT, and statefulness

Posted on 2006-07-07
5
462 Views
Last Modified: 2007-02-12
I wanted to get a second opinion.

I have an internal address of X.  It appears to be stateful from the syslogs.
I have an external address of Y.  It too appears to be stateful.

There are X connections to Y on a port.  This seems normal.
There are Y connections to X on the same port.  Is this normal if you don't allow inbound access with stateful connections?

Here is the sanitized syslog message
Built outbound TCP connection 5425442354 for faddr Y/some port gaddr X/some port laddr X/some port
0
Comment
Question by:awakenings
  • 2
  • 2
5 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17063747
Sounds like a puzzle ? Can you explain a bit more ? and remove the X and Y if possible, tell the problem and network scenario ?

Cheers,
Rajesh
0
 

Author Comment

by:awakenings
ID: 17064618
Rajesh,

    Assume X is 10.0.0.5.  Assume Y is 54.27.32.54.  These IP's are sanitized  To go from X to Y there is a NAT translation and the connection is stateful.  In this scenario is simple.  I'm analysing the connectivity from X to Y and trying to determine if there is an inbound connection as well.
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 250 total points
ID: 17064770
When we say a connection is established, it is 2 way; Say this is telnet connection;

X (random port)----------------------Y (23)

So in your translation, you will see this; For the communication to work the traffic will be flowing in both directions. X sends some commands which goes through the link to Y, and also echoed at your terminal. If there is a result for your command, that also is sent back from Y to X to display on your terminal. All this in case of telnet. Same applies for any kind of connections. If this is what you meant, then you are correct.

Other than that, if there is a translation entry for a service specific to a destination, then this entry can be used by another host also in some NAT implementations. But that itself is a big story. If you want to know about this let know and I'll put some more info.

Cheers,
Rajesh
0
 
LVL 12

Accepted Solution

by:
r_naren22atyahoo earned 250 total points
ID: 17069987
>>>Assume X is 10.0.0.5.  Assume Y is 54.27.32.54.  These IP's are sanitized  To go from X to Y there is a NAT translation and the connection is >>>stateful.  In this scenario is simple.  I'm analysing the connectivity from X to Y and trying to determine if there is an inbound connection as well.

you mean the inbond connection here


X------>Firewall-------->54.27.32.54
                        <---
                         Inbond connection

Offcource there will be inbond connections here, however they are on random port generated by firewall and only open to the session created by the firewall. this random port will be from 1024 to 65 thousand
the inbond connections are required for replys



0
 
LVL 12

Expert Comment

by:r_naren22atyahoo
ID: 17070242
thanks :)
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now