[Networker] Why a client/server communication doesn't use the standard ports?
2007-07-24 08:08:29
Hello,
I've asked about things related to firewall rules before without responses. I
hope now someone has an idea about why this is happening...
I've set firewall rules between Legato client/servers so that only the
standard ports 7937-9936 and 10001-30000 are allowed. Some of our
clients fail sometimes and when this happens we can see that the
firewall is blocking the communications because of their source/target ports,
as in this fragment:
Server = 10.10.1.8
The rules we have are the following:
ALLOW
From Legato Clients (10001-30000) --> To Legato Server (7937-9936)
- This rule is for client starting connections to the server
ALLOW except SYN
From Legato Clients (7937,7938) --> To Legato Server (Any)
- This rule is for receiving the response of server starting connections
Do you know why clients are trying to connect, for example, to port 909 on
the server?
Thank you very much.
# Date Time Direction Interface EthType Source MAC Destination MAC Protocol Flags Source IP Source Port Destination IP Destination Port Packet size Reason
13 2007/07/24 12:59:52 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK RST 10.10.1.133 9558 10.10.1.8 881 60 Does not match allow policy
14 2007/07/24 12:59:41 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK RST 10.10.1.133 9558 10.10.1.8 15892 60 Does not match allow policy
15 2007/07/24 12:59:39 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 12 91 7F 00 15 C5 F6 56 68 TCP ACK RST 10.10.1.82 514 10.10.1.8 833 60 Does not match allow policy
16 2007/07/24 12:59:13 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP SYN 10.10.1.133 18431 10.10.1.8 909 66 Does not match allow policy
17 2007/07/24 12:58:52 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.133 9558 10.10.1.8 881 62 Does not match allow policy
18 2007/07/24 12:58:41 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.133 9558 10.10.1.8 15892 62 Does not match allow policy
19 2007/07/24 12:58:39 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 12 91 7F 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.82 514 10.10.1.8 833 62 Does not match allow policy
20 2007/07/24 12:58:20 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK RST 10.10.1.133 9558 10.10.1.8 985 60 Does not match allow policy
21 2007/07/24 12:58:13 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP SYN 10.10.1.133 18431 10.10.1.8 909 66 Does not match allow policy
22 2007/07/24 12:58:02 Incoming 00 15 C5 F6 56 68 IP 00 06 5B F7 FA F5 00 15 C5 F6 56 68 TCP SYN 10.10.1.43 20029 10.10.1.8 971 74 Does not match allow policy
23 2007/07/24 12:57:59 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK RST 10.10.1.133 9558 10.10.1.8 18596 60 Does not match allow policy
24 2007/07/24 12:57:52 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.133 9558 10.10.1.8 881 62 Does not match allow policy
25 2007/07/24 12:57:41 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.133 9558 10.10.1.8 15892 62 Does not match allow policy
26 2007/07/24 12:57:41 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP SYN 10.10.1.133 14354 10.10.1.8 791 66 Does not match allow policy
27 2007/07/24 12:57:39 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 12 91 7F 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.82 514 10.10.1.8 833 62 Does not match allow policy
28 2007/07/24 12:57:20 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.133 9558 10.10.1.8 985 62 Does not match allow policy
29 2007/07/24 12:57:19 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP SYN 10.10.1.133 18431 10.10.1.8 909 66 Does not match allow policy
30 2007/07/24 12:57:14 Incoming 00 15 C5 F6 56 68 IP 00 06 5B F7 FA F5 00 15 C5 F6 56 68 TCP SYN 10.10.1.43 20029 10.10.1.8 971 74 Does not match allow policy
31 2007/07/24 12:57:12 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 12 91 7F 00 15 C5 F6 56 68 TCP ACK RST 10.10.1.82 514 10.10.1.8 1022 60 Does not match allow policy
32 2007/07/24 12:56:59 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.133 9558 10.10.1.8 18596 62 Does not match allow policy
33 2007/07/24 12:56:58 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.133 9558 10.10.1.8 881 62 Does not match allow policy
34 2007/07/24 12:56:52 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP SYN 10.10.1.133 18431 10.10.1.8 909 66 Does not match allow policy
35 2007/07/24 12:56:50 Incoming 00 15 C5 F6 56 68 IP 00 06 5B F7 FA F5 00 15 C5 F6 56 68 TCP SYN 10.10.1.43 20029 10.10.1.8 971 74 Does not match allow policy
36 2007/07/24 12:56:47 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.133 9558 10.10.1.8 15892 62 Does not match allow policy
37 2007/07/24 12:56:45 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 12 91 7F 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.82 514 10.10.1.8 833 62 Does not match allow policy
38 2007/07/24 12:56:41 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP SYN 10.10.1.133 14354 10.10.1.8 791 66 Does not match allow policy
39 2007/07/24 12:56:39 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP SYN 10.10.1.133 18431 10.10.1.8 909 66 Does not match allow policy
40 2007/07/24 12:56:38 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP ACK RST 10.10.1.133 9558 10.10.1.8 877 60 Does not match allow policy
41 2007/07/24 12:56:38 Incoming 00 15 C5 F6 56 68 IP 00 06 5B F7 FA F5 00 15 C5 F6 56 68 TCP SYN 10.10.1.43 20029 10.10.1.8 971 74 Does not match allow policy
42 2007/07/24 12:56:32 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14 98 A2 00 15 C5 F6 56 68 TCP SYN 10.10.1.133 18431 10.10.1.8 909 66 Does not match allow policy
43 2007/07/24 12:56:32 Incoming 00 15 C5 F6 56 68 IP 00 06 5B F7 FA F5 00 15 C5 F6 56 68 TCP SYN 10.10.1.43 20029 10.10.1.8 971 74 Does not match allow policy
--
o o o Manel Rodero | LCFIB - UPC
o o o Systems Manager | Campus Nord - Modul B6
o o o Laboratori de Calcul | Jordi Girona, 1-3
U P C Facultat Informatica Barcelona | 08034 Barcelona (Spain)
|
manel AT fib.upc DOT edu | Tel: +00 34 93 401 6940
http://www.fib.upc.edu/~manel | Fax: +00 34 93 401 7040
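
The two ALLOW rules from the message above, applied to records from its firewall log, as an added example that is not part of the original post. It assumes "except SYN" means "no SYN without ACK"; the function names are hypothetical, and the parser accepts the log whether or not its records are wrapped.

```python
import re

# Port sets from the two ALLOW rules quoted in the post.
CLIENT_SRC = range(10001, 30001)  # rule 1: client source ports 10001-30000
SERVER_DST = range(7937, 9937)    # rule 1: server destination ports 7937-9936
REPLY_SRC = {7937, 7938}          # rule 2: client source ports, "except SYN"

# Four wrapped records copied from the log in the post (#14, #16, #17, #19).
SAMPLE = """\
14 2007/07/24 12:59:41 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14
98 A2 00 15 C5 F6 56 68 TCP ACK RST 10.10.1.133 9558 10.10.1.8 15892
60 Does not match allow policy
16 2007/07/24 12:59:13 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14
98 A2 00 15 C5 F6 56 68 TCP SYN 10.10.1.133 18431 10.10.1.8 909 66 Does
not match allow policy
17 2007/07/24 12:58:52 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 14
98 A2 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.133 9558 10.10.1.8 881 62
Does not match allow policy
19 2007/07/24 12:58:39 Incoming 00 15 C5 F6 56 68 IP 00 09 3D 12
91 7F 00 15 C5 F6 56 68 TCP ACK SYN 10.10.1.82 514 10.10.1.8 833 62
Does not match allow policy
"""

# flags, source IP, source port, destination IP, destination port, packet size
REC = re.compile(r"TCP ((?:[A-Z]{3} )+)([\d.]+) (\d+) ([\d.]+) (\d+) \d+ ")

def parse(text):
    """Undo the e-mail line wrapping, then pull the TCP fields of each record."""
    flat = re.sub(r"\s+", " ", text)
    return [(frozenset(f.split()), src, int(sp), dst, int(dp))
            for f, src, sp, dst, dp in REC.findall(flat)]

def evaluate(flags, sport, dport):
    """Return (allowed, reason) for one packet arriving at the server."""
    if sport in CLIENT_SRC and dport in SERVER_DST:
        return True, "rule 1"
    bare_syn = "SYN" in flags and "ACK" not in flags  # assumed meaning of "except SYN"
    if sport in REPLY_SRC and not bare_syn:
        return True, "rule 2"
    if sport in REPLY_SRC:
        return False, "bare SYN from 7937/7938"
    if sport not in CLIENT_SRC:
        return False, f"source port {sport} outside both rules"
    return False, f"destination port {dport} outside 7937-9936"

def report(text):
    return [(src, sp, dp, *evaluate(fl, sp, dp)) for fl, src, sp, _, dp in parse(text)]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Source port 9558 lies inside 7937-9936, but rule 2 names only 7937 and 7938 as client source ports, so the ACK SYN and ACK RST packets from that port match neither rule. The SYN packets fail on the destination side only: their source ports are within 10001-30000, while 909 is below 7937.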