Networker

[Networker] Why a client/server communication doesn't use the standard ports?

2007-07-24 08:08:29
Subject: [Networker] Why a client/server communication doesn't use the standard ports?
From: Manel Rodero <manel AT FIB.UPC DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Tue, 24 Jul 2007 14:04:49 +0200
Hello,

I've asked before about things related to firewall rules without getting responses. I hope now someone has an idea about why this is happening...

I've set firewall rules between Legato client/servers so that only the standard ports 7937-9936 and 10001-30000 are allowed. Some of our clients fail sometimes, and when this happens we can see that the firewall is blocking the communications because of their source/target ports, as in this fragment:

Server = 10.10.1.8

The rules we have are the following:

ALLOW
From Legato Clients (10001-30000) --> To Legato Server (7937-9936)
- This rule is for client starting connections to the server

ALLOW except SYN
From Legato Clients (7937,7938) --> To Legato Server (Any)
- This rule is for receiving the response of server starting connections

Do you know why clients are trying to connect, for example, to port 909 on the server?

Thank you very much.


#  | Date       | Time     | Direction | Interface         | EthType | Source MAC        | Destination MAC   | Protocol | Flags   | Source IP   | Source Port | Destination IP | Destination Port | Packet size | Reason
13 | 2007/07/24 | 12:59:52 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK RST | 10.10.1.133 | 9558        | 10.10.1.8      | 881              | 60          | Does not match allow policy
14 | 2007/07/24 | 12:59:41 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK RST | 10.10.1.133 | 9558        | 10.10.1.8      | 15892            | 60          | Does not match allow policy
15 | 2007/07/24 | 12:59:39 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 12 91 7F | 00 15 C5 F6 56 68 | TCP      | ACK RST | 10.10.1.82  | 514         | 10.10.1.8      | 833              | 60          | Does not match allow policy
16 | 2007/07/24 | 12:59:13 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.133 | 18431       | 10.10.1.8      | 909              | 66          | Does not match allow policy
17 | 2007/07/24 | 12:58:52 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.133 | 9558        | 10.10.1.8      | 881              | 62          | Does not match allow policy
18 | 2007/07/24 | 12:58:41 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.133 | 9558        | 10.10.1.8      | 15892            | 62          | Does not match allow policy
19 | 2007/07/24 | 12:58:39 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 12 91 7F | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.82  | 514         | 10.10.1.8      | 833              | 62          | Does not match allow policy
20 | 2007/07/24 | 12:58:20 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK RST | 10.10.1.133 | 9558        | 10.10.1.8      | 985              | 60          | Does not match allow policy
21 | 2007/07/24 | 12:58:13 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.133 | 18431       | 10.10.1.8      | 909              | 66          | Does not match allow policy
22 | 2007/07/24 | 12:58:02 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 06 5B F7 FA F5 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.43  | 20029       | 10.10.1.8      | 971              | 74          | Does not match allow policy
23 | 2007/07/24 | 12:57:59 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK RST | 10.10.1.133 | 9558        | 10.10.1.8      | 18596            | 60          | Does not match allow policy
24 | 2007/07/24 | 12:57:52 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.133 | 9558        | 10.10.1.8      | 881              | 62          | Does not match allow policy
25 | 2007/07/24 | 12:57:41 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.133 | 9558        | 10.10.1.8      | 15892            | 62          | Does not match allow policy
26 | 2007/07/24 | 12:57:41 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.133 | 14354       | 10.10.1.8      | 791              | 66          | Does not match allow policy
27 | 2007/07/24 | 12:57:39 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 12 91 7F | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.82  | 514         | 10.10.1.8      | 833              | 62          | Does not match allow policy
28 | 2007/07/24 | 12:57:20 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.133 | 9558        | 10.10.1.8      | 985              | 62          | Does not match allow policy
29 | 2007/07/24 | 12:57:19 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.133 | 18431       | 10.10.1.8      | 909              | 66          | Does not match allow policy
30 | 2007/07/24 | 12:57:14 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 06 5B F7 FA F5 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.43  | 20029       | 10.10.1.8      | 971              | 74          | Does not match allow policy
31 | 2007/07/24 | 12:57:12 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 12 91 7F | 00 15 C5 F6 56 68 | TCP      | ACK RST | 10.10.1.82  | 514         | 10.10.1.8      | 1022             | 60          | Does not match allow policy
32 | 2007/07/24 | 12:56:59 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.133 | 9558        | 10.10.1.8      | 18596            | 62          | Does not match allow policy
33 | 2007/07/24 | 12:56:58 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.133 | 9558        | 10.10.1.8      | 881              | 62          | Does not match allow policy
34 | 2007/07/24 | 12:56:52 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.133 | 18431       | 10.10.1.8      | 909              | 66          | Does not match allow policy
35 | 2007/07/24 | 12:56:50 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 06 5B F7 FA F5 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.43  | 20029       | 10.10.1.8      | 971              | 74          | Does not match allow policy
36 | 2007/07/24 | 12:56:47 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.133 | 9558        | 10.10.1.8      | 15892            | 62          | Does not match allow policy
37 | 2007/07/24 | 12:56:45 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 12 91 7F | 00 15 C5 F6 56 68 | TCP      | ACK SYN | 10.10.1.82  | 514         | 10.10.1.8      | 833              | 62          | Does not match allow policy
38 | 2007/07/24 | 12:56:41 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.133 | 14354       | 10.10.1.8      | 791              | 66          | Does not match allow policy
39 | 2007/07/24 | 12:56:39 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.133 | 18431       | 10.10.1.8      | 909              | 66          | Does not match allow policy
40 | 2007/07/24 | 12:56:38 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | ACK RST | 10.10.1.133 | 9558        | 10.10.1.8      | 877              | 60          | Does not match allow policy
41 | 2007/07/24 | 12:56:38 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 06 5B F7 FA F5 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.43  | 20029       | 10.10.1.8      | 971              | 74          | Does not match allow policy
42 | 2007/07/24 | 12:56:32 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 09 3D 14 98 A2 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.133 | 18431       | 10.10.1.8      | 909              | 66          | Does not match allow policy
43 | 2007/07/24 | 12:56:32 | Incoming  | 00 15 C5 F6 56 68 | IP      | 00 06 5B F7 FA F5 | 00 15 C5 F6 56 68 | TCP      | SYN     | 10.10.1.43  | 20029       | 10.10.1.8      | 971              | 74          | Does not match allow policy

--

o o o  Manel Rodero                   | LCFIB - UPC
o o o  Systems Manager                | Campus Nord - Modul B6
o o o  Laboratori de Calcul           | Jordi Girona, 1-3
U P C  Facultat Informatica Barcelona | 08034 Barcelona (Spain)
                                      |
       manel AT fib.upc DOT edu              | Tel: +00 34 93 401 6940
       http://www.fib.upc.edu/~manel  | Fax: +00 34 93 401 7040
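
The two ALLOW rules from the message, applied to a few denied entries copied from its log, as an added example that is not part of the original post. Reading "ALLOW except SYN" as "any packet that is not a bare SYN" is an assumption of this example, not the firewall's documented behaviour.

```python
from collections import Counter

CLIENT_PORTS = range(10001, 30001)  # rule 1: allowed client source ports
SERVER_PORTS = range(7937, 9937)    # rule 1: allowed server destination ports
REPLY_SRC_PORTS = {7937, 7938}      # rule 2: allowed client source ports

# (entry no., flags, src ip, src port, dst ip, dst port), copied from the log
DENIED = [
    (13, "ACK RST", "10.10.1.133", 9558, "10.10.1.8", 881),
    (15, "ACK RST", "10.10.1.82", 514, "10.10.1.8", 833),
    (16, "SYN", "10.10.1.133", 18431, "10.10.1.8", 909),
    (18, "ACK SYN", "10.10.1.133", 9558, "10.10.1.8", 15892),
    (22, "SYN", "10.10.1.43", 20029, "10.10.1.8", 971),
    (26, "SYN", "10.10.1.133", 14354, "10.10.1.8", 791),
]

def evaluate(flags, src_port, dst_port):
    """Return (verdict, reason) for one client-to-server packet."""
    flagset = set(flags.split())
    if src_port in CLIENT_PORTS and dst_port in SERVER_PORTS:
        return "allow", "rule 1"
    if src_port in REPLY_SRC_PORTS and flagset != {"SYN"}:
        return "allow", "rule 2"
    if flagset == {"SYN"}:
        # A bare SYN is the client opening a connection: only rule 1 can match.
        if src_port not in CLIENT_PORTS:
            return "deny", "new connection, source port outside 10001-30000"
        return "deny", "new connection, destination port outside 7937-9936"
    # SYN+ACK answers a SYN sent by the other side; RST+ACK refuses or aborts.
    # Neither opens a connection, so only rule 2 could match.
    return "deny", "reply packet, source port not 7937/7938"

def summarize(records):
    """Count deny reasons over the sample records."""
    return Counter(evaluate(f, sp, dp)[1] for _, f, _, sp, _, dp in records)

if __name__ == "__main__":
    for no, flags, src, sp, dst, dp in DENIED:
        verdict, reason = evaluate(flags, sp, dp)
        print(f"{no:>2} {flags:<7} {src}:{sp} -> {dst}:{dp}  {verdict}: {reason}")
    print(summarize(DENIED))
```

Over these sample entries, the bare SYNs fail rule 1 on the destination port, and the SYN+ACK and RST+ACK packets fail rule 2 on the client source port.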
