site Search:


 
    All Forums Hot Topics Gallery






how-to block ads


 
Search Topic:
Share Topic
Posting?
Post a:
Post a:
Links: ·AT&T Southeast Forum FAQ ·AT&T Southeast Support ·AT&T Southeast Newsgroup Support ·AT&T Southeast Speed Test
AuthorAll Replies

impala

join:2008-03-08
Clemson, SC

1 edit

reply to impala

Re: 327w firewall "state" rule times out in 10sec?!?

so I've already mentioned that http; https; and ssh fail after approximately 10 seconds of inactivity when I enable the state action in the outbound firewall.

However, NNTP (port 123) and DNS (port 53) fail unless I enable the state action in the firewall; or explicitly enable them for dynamic NAT. They fail because the inbound firewall drops them AFTER NAT does it magic and converts the destination IP. I don't understand the difference between how NAT handles SSH; HTTP; HTTPS; and NNTP; DNS. I suppose SSH; HTTP; and HTTPS are hard-coded for dynamic NAT even though they do not show up in the list of enabled NAT client services? And NNTP; and DNS are not hard-coded and must be manually enabled?

And I still fail to understand how enabling the state action on HTTP; HTTPS; and SSH cause them to fail, even if they are using dynamic NAT.

3   04/06/2008 13:27:38 Inbound       1  RulesInDropAll  Drop All Unsolicited Inbound 
IP Packet Header:
Src Addr : 130.127.8.8  Dest Addr: 192.168.19.239
UDP Packet Header:
   Src Port: 53  Dest Port: 49273
 
4   04/06/2008 13:27:28 Inbound       1  RulesInDropAll  Drop All Unsolicited Inbound 
IP Packet Header:
Src Addr : 17.254.0.27  Dest Addr: 192.168.19.239
UDP Packet Header:
   Src Port: 123  Dest Port: 123
 

impala

join:2008-03-08
Clemson, SC

Click for full size
NAT config
and for good measure, the NAT config:


sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
kudos:14

Let's see if we can find you some help in our AT&T Southeast forum.

Good luck.


Sunday, 12-Feb 17:09:41 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online! © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics