RE: Need to get application past firewall

  • From: Brian Hodges <BrianH@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 20 Feb 2002 23:29:07 -0800

Hi Tom,

The single frame was to give you all the info on where and how the
application is communicating.  IP address 63.89.49.205 on port 2010.  If you
want to play with the application it is at
http://www.worldpac.com/dial.html.  

I have searched the logs for this IP address and it's not there? 

As I am opening holes in the firewall I would really not want to give my logs
on this list.  Can I mail directly to you?

How can I open the firewall up so it does not block any traffic in or out,
just does its NAT job but does not block??  This is just for testing :)


Brian  

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, February 19, 2002 9:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Need to get application past firewall


http://www.ISAserver.org


Hi Brian,

A single frame isn't too helpful :-)

The packet filter and firewall logs would be a lot more helpful. Even
more helpful would be to tell where this site and application is so that
we can test it.

HTH,
Tom
www.isaserver.org/shinder


-----Original Message-----
From: brianh@xxxxxxxxxxxxxxxxxxx [mailto:brianh@xxxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, February 19, 2002 11:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Need to get application past firewall


Hello all,

I have a firewall set up doing NAT with an outside static IP.  I have
internet access and all seems OK except for one thing.  We run one
application that connects to the internet to a server on port 2010 for
information and port 80 for images.  I have not been able to get the
application to communicate through the firewall.  I know of people running
behind a NATed router from their ISP and all is OK.  I see it logging in
the NT event log that it is dropping packets but nothing shows up in the
ISA logs to indicate why they are being dropped?  Below is a capture of
the packet leaving the computer on the way to the firewall.  I have opened
up the firewall as far as I know how and still no luck.  Help!!!

4 5.686987 LOCAL 00105A703632 TCP ....S., len:    0, seq:1883033075-1883033075, ack:         0, win:16384, src: 2673  dst: 2010 BRIAN 63.89.49.205 IP
Frame: Base frame properties
    Frame: Time of capture = 2/19/2002 20:50:30.627
    Frame: Time delta from previous physical frame: 0 microseconds
    Frame: Frame number: 4
    Frame: Total frame length: 62 bytes
    Frame: Capture frame length: 62 bytes
    Frame: Frame data: Number of data bytes remaining = 62 (0x003E)
ETHERNET: ETYPE = 0x0800 : Protocol = IP:  DOD Internet Protocol
    ETHERNET: Destination address : 00105A703632
        ETHERNET: .......0 = Individual address
        ETHERNET: ......0. = Universally administered address
    ETHERNET: Source address : 005004D4C31E
        ETHERNET: .......0 = No routing information present
        ETHERNET: ......0. = Universally administered address
    ETHERNET: Frame Length : 62 (0x003E)
    ETHERNET: Ethernet Type : 0x0800 (IP:  DOD Internet Protocol)
    ETHERNET: Ethernet Data: Number of data bytes remaining = 48 (0x0030)
IP: ID = 0xF1A1; Proto = TCP; Len: 48
    IP: Version = 4 (0x4)
    IP: Header Length = 20 (0x14)
    IP: Precedence = Routine
    IP: Type of Service = Normal Service
    IP: Total Length = 48 (0x30)
    IP: Identification = 61857 (0xF1A1)
    IP: Flags Summary = 2 (0x2)
        IP: .......0 = Last fragment in datagram
        IP: ......1. = Cannot fragment datagram
    IP: Fragment Offset = 0 (0x0) bytes
    IP: Time to Live = 128 (0x80)
    IP: Protocol = TCP - Transmission Control
    IP: Checksum = ERROR: CheckSum is 0x0000, Should be 0xCD42
    IP: Source Address = 192.168.10.21
    IP: Destination Address = 63.89.49.205
    IP: Data: Number of data bytes remaining = 28 (0x001C)
TCP: ....S., len:    0, seq:1883033075-1883033075, ack:         0, win:16384, src: 2673  dst: 2010
    TCP: Source Port = 0x0A71
    TCP: Destination Port = 0x07DA
    TCP: Sequence Number = 1883033075 (0x703CCDF3)
    TCP: Acknowledgement Number = 0 (0x0)
    TCP: Data Offset = 28 (0x1C)
    TCP: Reserved = 0 (0x0000)
    TCP: Flags = 0x02 : ....S.
        TCP: ..0..... = No urgent data
        TCP: ...0.... = Acknowledgement field not significant
        TCP: ....0... = No Push function
        TCP: .....0.. = No Reset
        TCP: ......1. = Synchronize sequence numbers
        TCP: .......0 = No Fin
    TCP: Window = 16384 (0x4000)
    TCP: Checksum = 0xB6C0
    TCP: Urgent Pointer = 0 (0x0)
    TCP: Options
        TCP: Maximum Segment Size Option
            TCP: Option Type = Maximum Segment Size
            TCP: Option Length = 4 (0x4)
            TCP: Maximum Segment Size = 1460 (0x5B4)
        TCP: Option Nop = 1 (0x1)
        TCP: Option Nop = 1 (0x1)
        TCP: SACK Permitted Option
            TCP: Option Type = Sack Permitted
            TCP: Option Length = 2 (0x2)
00000:  00 10 5A 70 36 32 00 50 04 D4 C3 1E 08 00 45 00  ..Zp62.P......E.
00010:  00 30 F1 A1 40 00 80 06 00 00 C0 A8 0A 15 3F 59  .0..@.........?Y
00020:  31 CD 0A 71 07 DA 70 3C CD F3 00 00 00 00 70 02  1..q..p<......p.
00030:  40 00 B6 C0 00 00 02 04 05 B4 01 01 04 02        @.............





------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
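
Added example, not part of the original posts: Python that decodes the frame bytes from the hex dump above and recomputes the IPv4 header checksum, which the capture shows stored as 0x0000 with 0xCD42 expected. The names internet_checksum and decode_frame are chosen here for illustration.

```python
import ipaddress
import struct

# The 62 frame bytes, copied from the hex dump in the original post.
FRAME = bytes.fromhex("".join("""
00 10 5A 70 36 32 00 50 04 D4 C3 1E 08 00 45 00
00 30 F1 A1 40 00 80 06 00 00 C0 A8 0A 15 3F 59
31 CD 0A 71 07 DA 70 3C CD F3 00 00 00 00 70 02
40 00 B6 C0 00 00 02 04 05 B4 01 01 04 02
""".split()))

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_frame(frame: bytes) -> dict:
    """Decode an Ethernet II / IPv4 / TCP frame; ValueError if it is not one."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ihl = (frame[14] & 0x0F) * 4
    ip, tcp = frame[14:14 + ihl], frame[14 + ihl:]
    if ihl < 20 or len(ip) < ihl or ip[9] != 6 or len(tcp) < 20:
        raise ValueError("not a complete IPv4 header followed by TCP")
    stored = struct.unpack("!H", ip[10:12])[0]
    # The header checksum is computed with its own field treated as zero.
    expected = internet_checksum(ip[:10] + b"\x00\x00" + ip[12:])
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    return {
        "src": f"{ipaddress.IPv4Address(ip[12:16])}:{sport}",
        "dst": f"{ipaddress.IPv4Address(ip[16:20])}:{dport}",
        "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
        "stored_checksum": stored,
        "expected_checksum": expected,
        "checksum_ok": stored == expected,
    }

if __name__ == "__main__":
    for key, value in decode_frame(FRAME).items():
        print(f"{key}: {value}")
```

The decoded flow (192.168.10.21:2673 to 63.89.49.205:2010, SYN only) is the one to look for in the packet filter and firewall logs.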
