Subject RE: [firebird-support] Re: Events and Firewall again
Author Gary Benner

Hi all,

At 16:39 on 14/08/2005 Fabiano wrote
>After some tests, I got some interesting results:
>
>- I set 'RemoteAuxPort' in my server to 3060.
>- My server is a DMZ (firewall forwards all incoming traffic on all
>ports directly to the server).
>- I wrote an application that listens to events, and I'm running it on my
>home computer.
>- I have Ethereal running on my home computer, capturing all traffic.
>- I open my application, which connects to my server, which posts an
>event, and the application receives the event and then closes the
>connection.
>
>Looking at the captured traffic, I see no packet with source or
>destination port equal to 3060. I see a connection was made to port
>3050 and another to port 32785.
>
>Is it expected?

The firewall manages connections.
Your incoming connection from home to the FB server in the DMZ is obviously working. This will be because you have a ruleset that allows INTERNET --> DMZ forwarding on port 3050, with the messages on Port 3050 forwarded to the FB Server IP z.z.z.z.

However, the event notification is a separate connection, initiated by the FB Server, going to your home computer at its IP number x.x.x.x, using port 3060. The firewall must be configured to allow this connection to happen. So in the firewall rules there must be a second ruleset that allows DMZ --> INTERNET forwarding on Port 3060 from the FB Server, and it could also force a destination of your home IP number x.x.x.x. There should also be a SNAT (Source Network Address Translation) rule that manages the DMZ outgoing connections, so that the DMZ IP number z.z.z.z gets replaced by your office IP number d.d.d.d.

Without this the FB server will not be able to establish a connection with your home computer. Do you have a firewall at home as well?

What firewall are you using? If it's an iptables based script I can help. (perhaps off list for obvious reasons)

regards

Gary
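The two rulesets Gary describes, written out as an iptables script. This is an added example, not from the thread or the Firebird project; the addresses (z.z.z.z, x.x.x.x, d.d.d.d) are Gary's placeholders, and the interface names eth0/eth1 are assumptions. The inbound rule is pinned to the home IP instead of forwarding every port to the DMZ host as Fabiano's firewall currently does. Because the direction of the event connection depends on the Firebird version (some releases have the client open the second connection to the server's RemoteAuxPort rather than the server calling back), the script takes a `server` or `client` argument and emits the matching ruleset; set `IPT=echo` to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example: iptables rules for the Firebird main port and the event
# (RemoteAuxPort) connection. All addresses and interfaces are placeholders.
FB_SERVER="${FB_SERVER:-z.z.z.z}"   # Firebird server in the DMZ
HOME_IP="${HOME_IP:-x.x.x.x}"       # home machine running the event listener
OFFICE_IP="${OFFICE_IP:-d.d.d.d}"   # public address of the office firewall
WAN_IF="${WAN_IF:-eth0}"            # assumed Internet-facing interface
DMZ_IF="${DMZ_IF:-eth1}"            # assumed DMZ-facing interface
FB_PORT=3050                        # Firebird main port
AUX_PORT=3060                       # RemoteAuxPort value from Fabiano's server
IPT="${IPT:-iptables}"              # IPT=echo prints the rules instead of applying them

# Inbound: home --> DMZ on one port. DNAT rewrites the office public address
# to the DMZ server; FORWARD admits only new connections from HOME_IP.
inbound_rules() {
    "$IPT" -t nat -A PREROUTING -i "$WAN_IF" -s "$HOME_IP" -d "$OFFICE_IP" \
        -p tcp --dport "$1" -j DNAT --to-destination "$FB_SERVER:$1"
    "$IPT" -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -s "$HOME_IP" -d "$FB_SERVER" \
        -p tcp --dport "$1" -m state --state NEW -j ACCEPT
}

# Outbound: the server-initiated event connection Gary describes, DMZ --> home
# on the aux port, pinned to HOME_IP so the DMZ host cannot open port-3060
# connections elsewhere, with SNAT so it leaves with the office address.
outbound_event_rules() {
    "$IPT" -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$FB_SERVER" -d "$HOME_IP" \
        -p tcp --dport "$AUX_PORT" -m state --state NEW -j ACCEPT
    "$IPT" -t nat -A POSTROUTING -o "$WAN_IF" -s "$FB_SERVER" -d "$HOME_IP" \
        -p tcp --dport "$AUX_PORT" -j SNAT --to-source "$OFFICE_IP"
}

# Reply packets for both connections; anything else falls to the chain policy.
stateful_rules() {
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# $1 selects who opens the event connection: "server" (Gary's description) or
# "client" (the client connects to the server's RemoteAuxPort, so the aux port
# is just a second inbound rule like the one for 3050).
fb_firewall_rules() {
    inbound_rules "$FB_PORT"
    case "$1" in
        server) outbound_event_rules ;;
        client) inbound_rules "$AUX_PORT" ;;
        *) echo "usage: fb_firewall_rules server|client" >&2; return 1 ;;
    esac
    stateful_rules
}

# Stand-alone use:  ./fb_fw.sh apply server   (or: IPT=echo ./fb_fw.sh apply client)
case "${1:-}" in
    apply) fb_firewall_rules "${2:-server}" ;;
esac
```

A quick check for the symptom Fabiano saw: with the `client` ruleset, a capture on the home machine should show the second connection going to the server's port 3060; if it still goes to a random high port such as 32785, the server is not honouring RemoteAuxPort and no firewall rule on 3060 will match.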

Ref#: 41006