

Weird router packet




Posted by andretenreiro, 06-17-2009, 05:35 AM
We have a license application client (IBM/LUM) that connects to a license server outside our network. The client works this way: it binds a random port and tries to connect to the remote IP on UDP port 1515. Through Wireshark I could see that it reaches the destination, although the way back is unreachable. If I add this random port to our router's Port Forward rule, it works perfectly. That is not a solution, though, because the port changes every time. Isn't this strange? Other applications open random ports as well and communication is reachable both ways. If I connect directly to the internet, it works perfectly as well. What can I try to do with our ZyWall USG300 router to fix this situation?

Posted by ClaudiuPopescu, 06-17-2009, 06:20 AM
I guess that the "license application client (IBM/LUM)" server uses a local IP address (something like 192.168.x.x), am I wrong? In this case your local IP can't be reachable from outside your network without port forwarding or full DNAT. Anyway, many routers have fixes for this issue, you just need to read the manual.

Posted by andretenreiro, 06-17-2009, 09:25 AM
But... if 192.168.1.1:1200 starts a connection with 208.153.257.20:1515, isn't the source port 1200 available to outside connections? For example, the browser opens several local ports to connect to remote port 80 and the local ports receive the data back.

Posted by plumsauce, 06-17-2009, 05:20 PM
What you need is something like the way NAT/PAT works on home broadband routers. Other terminology that fits the situation is a stateful firewall. What it means is that the firewall knows which UDP packets have exited through the firewall, and thus which packets to allow back in as responses. It does this by looking at the source address and port as well as the destination address and port. An inbound packet from the destination with a matching address and port will be allowed in as a response to the original packet for XX seconds. An alternative, but riskier config, is to allow inbound UDP packets only so long as they come from licenseserver:1515. If you do this, you would be counting on the odds that you will not see such an address:port combination unless someone else knows exactly what they are spoofing.
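To make the difference between the two configurations concrete, here is an added example (not code from the thread or from ZyXEL) that simulates a stateful UDP tracker of the kind plumsauce describes next to the riskier static "allow anything from licenseserver:1515" rule. All addresses, ports, timestamps and the 30-second timeout are constructed sample values; the thread only says "XX seconds".

```python
"""Toy stateful UDP filter versus a static source-port allow rule.

Added example, not part of the original thread. It models the behaviour
described above: the firewall records the 4-tuple of every outbound UDP
packet and admits an inbound packet only if it is the mirror image of a
recorded entry that has not yet expired. The static rule, by contrast,
admits any inbound packet whose source is the license server's IP:port.
"""
from dataclasses import dataclass

TIMEOUT_SECONDS = 30.0  # assumed UDP state lifetime (thread says "XX seconds")


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ts: float  # time the firewall saw the packet, in seconds


class StatefulUdpFilter:
    """Tracks outbound UDP 4-tuples and admits only matching replies."""

    def __init__(self, timeout: float = TIMEOUT_SECONDS) -> None:
        self.timeout = timeout
        # (lan_ip, lan_port, wan_ip, wan_port) -> expiry timestamp
        self._table: dict[tuple, float] = {}

    def outbound(self, pkt: Packet) -> None:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self._table[key] = pkt.ts + self.timeout

    def inbound(self, pkt: Packet) -> bool:
        # Reply must come from the recorded destination back to the recorded source.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        expiry = self._table.get(key)
        if expiry is None:
            return False
        if pkt.ts > expiry:
            del self._table[key]  # entry aged out; drop and forget it
            return False
        self._table[key] = pkt.ts + self.timeout  # refresh on matching traffic
        return True


def static_allow(pkt: Packet, server_ip: str, server_port: int) -> bool:
    """The riskier rule: admit any inbound UDP from licenseserver:1515."""
    return pkt.src_ip == server_ip and pkt.src_port == server_port


def run_demo() -> dict:
    """Run constructed scenarios through both policies and return the verdicts."""
    client, server = "192.168.1.50", "203.0.113.10"  # constructed LAN client / license server
    cport, sport = 41234, 1515                        # constructed ephemeral port / LUM port
    fw = StatefulUdpFilter()

    fw.outbound(Packet(client, cport, server, sport, ts=0.0))

    reply = Packet(server, sport, client, cport, ts=1.0)
    other_host = Packet("198.51.100.7", sport, client, cport, ts=2.0)
    unrequested = Packet(server, sport, client, 9999, ts=3.0)   # port the client never used
    late_reply = Packet(server, sport, client, cport, ts=100.0)  # arrives after the timeout

    return {
        "reply_stateful": fw.inbound(reply),
        "reply_static": static_allow(reply, server, sport),
        "other_host_stateful": fw.inbound(other_host),
        "other_host_static": static_allow(other_host, server, sport),
        "unrequested_stateful": fw.inbound(unrequested),
        "unrequested_static": static_allow(unrequested, server, sport),
        "late_reply_stateful": fw.inbound(late_reply),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:24s} {'ALLOW' if verdict else 'DROP'}")
```

The stateful filter admits the genuine reply and drops everything else, including a packet from the right server to a port the client never opened, and a reply that arrives after the entry has aged out. The static rule admits that unrequested packet too, which is exactly the exposure plumsauce flags: anyone who can put licenseserver:1515 in the source fields gets through, and the only safeguard is that they have to know which address and port to use.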


