
Allowing the communication on certain ports


boredtodeath20 (Technical User, AU), May 1, 2002
Hi all,

I am using Winroute Pro 4.x proxy\firewall. I have used the sample\help Packet Filtering example to set up packet filtering on my gateway. Port mapping has also been done. Rather than explaining every packet filtering rule I will just refer to them as "Allowing Communications on Certain Ports", which is in the help of the Winroute software. Under the instructions I can allow incoming and outgoing packets for the WWW, SMTP, POP3 and FTP server. All other communications should be prohibited.

Below are my problems:

1. The last "cleanup rule"

Incoming Tab - TCP Deny all incoming packets, Source IP Any, Source Port Any, Destination IP Any, Destination Port Any

When this rule is applied I no longer have access to the Internet from the browser on any machine, not even from the gateway box. When I get rid of this rule the problem is solved. I would like to have maximum security in place, hence I would like to use this rule. Can anyone suggest why this is happening?

2. I have a domain controller in my network and it needs access to a net time server, but when I use the command to give it access to an external time server it does not do so. It appears that the appropriate port is not open for it to connect to a time server. I am happy to use either TCP or UDP to connect. What should I do to fix this problem?

3. I can only ping the outside world from my gateway box; other machines behind the proxy\firewall come back with the error "Host unknown" when pinging a known host on the Internet. Locally I am running a cache-only DNS server, and I am using my ISP's DNS servers for Internet name resolution, which are defined in my network card settings. What should I do to fix this problem?

4. Machines behind the Winroute PC do not have access to MSN Messenger. Which port needs to be open?

Can someone help me? Please help.

Cheers.
 
You may have found solutions by now but I will post these answers anyway:

1/ Definitely maximum security here: you turned the firewall into a brick wall and shut out all traffic.

2/ The port assigned to time is 37, both for TCP & UDP.

3/ Turn off the Winroute DNS. Put the ISP DNS servers as forwarders on your local DNS server and only define the local DNS server in the network settings.

4/ The port for MSN Messenger is 1863, TCP & UDP.


Common Ports

IANA full list

Chris.
 
I have Winroute Pro unlimited version, installed on a 2000 server. My workstations are not able to log on to MSN Messenger.
According to your last reply to someone you said to put TCP\UDP as 1863, but what would be the destination IP address?

Please find a solution for this.
 
I have our Winroute machine set up with the last cleanup rule and it works great. You are not closing it up completely if you have rules to let certain things in and out. I have all of our rules in there, then the last one is to block everything. This means that it will block everything but the rules that are applied before the cleanup rule. Let me know what rules you have in place and I can compare them to ours and see if we can figure it out.
 
I have the same problem. Was there a solution? Maybe I'm making the same error.

/Topz
 
Here's my setup:

I use NAT, so this only applies to people who use NAT.

I don't have any rules at all set in the packet filter / port mappings. The fact is that Winroute NAT blocks any incoming traffic whose request did not originate from the private network anyway. All incoming packets that are a response to traffic from the private network ARE allowed in and routed to the correct IP. This is the standard NAT rule, and all packets are checked against the NAT table. The NAT table is the way Winroute can see if a packet is legal or illegal (a hack). Using filter rules to block traffic is like telling Winroute not to distinguish between these two types of incoming traffic. Hence the effect is that nothing can get in, not even the web pages you requested, to name one example.

So you could say that the firewall and NAT in Winroute are kind of fused together; they work together.

My best experience is simply not to block any incoming traffic, unless there is a specific Internet IP or port that you want to block. This gives the least amount of problems. I have been using Winroute for years now, and haven't had any hacker in yet.
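The two replies above make the same point from different sides: the "cleanup rule" reply says a final deny-all works when the permits come first, and the NAT reply says the NAT table is what lets replies back in. The toy filter below is an added example, not code from Winroute or from any poster in this thread. It models the original poster's rule list (explicit inbound permits for WWW/SMTP/POP3/FTP, then the TCP cleanup rule) twice: once as a stateless first-match filter and once with a state table that records flows the LAN opened, which is the role the NAT reply attributes to Winroute's NAT table. The host addresses, the ephemeral ports and the "deny when nothing matches" default are assumptions made for the example; Winroute's own defaults are not described on this page.

```python
"""Constructed example: first-match packet filter with and without connection state.

Shows why a trailing "deny all incoming TCP" rule drops the SYN-ACK of a web page
the LAN just requested (and the UDP answer to a DNS query) unless replies are
matched against a table of flows the LAN opened first.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

LAN_HOST = "192.168.0.10"    # a workstation behind the gateway (assumed)
WEB_SERVER = "203.0.113.7"   # a web site on the Internet (TEST-NET-3, assumed)
ISP_DNS = "198.51.100.53"    # the ISP's resolver (TEST-NET-2, assumed)
PROBER = "192.0.2.66"        # an unsolicited Internet host (TEST-NET-1, assumed)


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "in" = arriving from the Internet, "out" = leaving the LAN
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str                   # "tcp", "udp" or "any"
    action: str                  # "permit" or "deny"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Order matters: the first matching rule wins and the cleanup rule comes last.
RULES: List[Rule] = [
    Rule("out", "any", "permit"),            # the LAN may initiate anything
    Rule("in", "tcp", "permit", dport=80),   # WWW server
    Rule("in", "tcp", "permit", dport=25),   # SMTP server
    Rule("in", "tcp", "permit", dport=110),  # POP3 server
    Rule("in", "tcp", "permit", dport=21),   # FTP server
    Rule("in", "tcp", "deny"),               # the cleanup rule from the thread
]


class StatelessFilter:
    """Evaluates every packet against the rule list alone, no memory of earlier ones."""

    def __init__(self, rules: List[Rule], default: str = "deny") -> None:
        self.rules = rules
        self.default = default   # action when no rule matches (assumed deny)

    def evaluate(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default


class StatefulFilter(StatelessFilter):
    """Same rules, but permitted outbound flows are recorded and their replies admitted."""

    def __init__(self, rules: List[Rule], default: str = "deny") -> None:
        super().__init__(rules, default)
        # (proto, lan_ip, lan_port, remote_ip, remote_port) of flows the LAN opened
        self.table: Set[Tuple[str, str, int, str, int]] = set()

    def evaluate(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            verdict = super().evaluate(pkt)
            if verdict == "permit":
                self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return verdict
        # Inbound: a reply to a recorded flow bypasses the rule list entirely.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            return "permit"
        return super().evaluate(pkt)   # anything else, including unsolicited SYNs


def browse(filt: StatelessFilter) -> Tuple[str, str]:
    """A workstation opens a web page: verdicts for its SYN and the server's SYN-ACK."""
    syn = Packet("tcp", LAN_HOST, 49152, WEB_SERVER, 80, "out", syn=True)
    syn_ack = Packet("tcp", WEB_SERVER, 80, LAN_HOST, 49152, "in", syn=True, ack=True)
    return filt.evaluate(syn), filt.evaluate(syn_ack)


def dns_lookup(filt: StatelessFilter) -> Tuple[str, str]:
    """A UDP query to the ISP resolver and its answer (the 'Host unknown' symptom)."""
    query = Packet("udp", LAN_HOST, 53000, ISP_DNS, 53, "out")
    answer = Packet("udp", ISP_DNS, 53, LAN_HOST, 53000, "in")
    return filt.evaluate(query), filt.evaluate(answer)


def unsolicited_probe(filt: StatelessFilter) -> str:
    """An Internet host opens a connection to a LAN port nobody asked it to reach."""
    return filt.evaluate(Packet("tcp", PROBER, 40000, LAN_HOST, 139, "in", syn=True))


if __name__ == "__main__":
    for name, cls in (("stateless", StatelessFilter), ("stateful", StatefulFilter)):
        f = cls(RULES)
        print(f"{name:9} browse={browse(f)} dns={dns_lookup(f)} probe={unsolicited_probe(f)}")
```

Both filters deny the unsolicited probe, so the state table costs nothing in protection; the difference is that only the stateful one lets the SYN-ACK and the DNS answer back in, which is exactly what the original poster lost when the cleanup rule was added. A real filter would also age entries out of the table and check TCP flags and sequence numbers; that is left out to keep the mechanism visible.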
 
So what is the best config for using file transfer through the NAT or FW?
 
Dear all, can anyone help me? I have Winroute Pro, and Kazaa and MSN work fine on the server that is connected, but on the other machines they do not work at all. What do I have to do to get them going?

Thanks if you can help me.
 
To all,
I have a server with OS 2003 Enterprise and Winroute Pro unlimited. I opened ports 6891-6900 TCP to the IP address of your ISP. This works perfectly! You can even file transfer.

By allowing it to port to your IP of the ISP, you can actually transfer files on every computer within your domain/network.
 
I have Pro 4.2 and am about to purchase 5.
Had a problem of someone outside being connected and running a .WAV file on a users machine on our local LAN.
We have NAT running though, I thought ip/port would have to have originated from inside and not outside. Yet user tells me he is not running this.

Is there a workaround, or will the update to 5.0 cure this hack, if it is one?
 
I'm using NAT and have two subnets, one with our AS/400 server, the other with the ISP. Using Winroute, all machines on that network can have access to all resources of my servers and also get online, but not MSN Messenger.
My config is as follows: the Ethernet cable that comes from my DSL modem goes to the LAN switch, and so does the one that comes from the Cisco router. At this point I'm using a WinXP box with Winroute 4.2.5 and 2 NICs, and everything seems to be OK. I also have some rules. Incoming: IP any address any port permit all. Outgoing: TCP any host on port 80 deny (Internet card) and TCP any host on port 80 permit (LAN card).
I force users to use proxy:3128. I do NAT on the Internet interface with the ISP DNS and everything is working fine, and I don't NAT on the LAN card, just the IP and mask, no gateway.
I have tried to change the registry, messenger.hotmail.com;207.46.104.20:1863 and several more, but nothing. I just can't get access to MSN Messenger on the network machines. What can I do to solve this problem? Should I change my Winroute? Should I ignore the proxy and do it by NAT?
Any help will be appreciated. Thanks in advance!
 