
TCP/IP conflict with Firewall between Internal and External address

Status
Not open for further replies.

ZulZurrander

IS-IT--Management
Feb 22, 2003
4
US
Running a small network with Win98. Currently the internal IP is 192.168.4.129 and the external address is 64.113.2.53; the external address is providing the gateway to the Internet.

Problem is that with certain applications, we are receiving "firewall detected" and are unable to run the application. Any recommendations?

DNS server currently 64.113...; usually the error received is a "conflict error between internal and external address".
 
What kinds of applications are you getting the warning with? Certain protocols, especially like H.32x (Voice or Video over IP) require that you have a protocol aware proxy, rather than a simple firewall. That is because they use a TCP protocol to set up a UDP connection between the two computers. When you use NAT, the address contained inside the TCP setup packets does not get changed, so they get your real IP address, 192.168.4.129 in the call setup message. Obviously, they can't actually find that address on the Internet, so they send you back a warning to that effect.

Another protocol that frequently exhibits this type of response is IPSEC. Your certificate gets associated with your actual IP address and can't be NAT'd. If you are a VPN client, it is usually OK, but if you are attempting to do Peer VPN connections, then you need a static, resolvable address.
pansophic
 
Thanks Pan,

As much as I hate to admit it, it is gaming software that is causing the issue. We can access the Internet just fine, but when clients want to go to, for example, gamespyarcade.com, that is where we run into problems.
 
I didn't even think about games. Many of them use a fixed source as well as destination port and make it impossible to connect more than a single host through a NAT'd router or firewall. You may want to run ethereal to determine if this is your problem or not, but the symptoms should be that you cannot have more than a single client connected to a given game at any given time.

Good luck!
pansophic
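The two NAT failure modes pansophic describes, the inside address left behind in the call-setup payload and two hosts colliding on one fixed source port, modelled as an added Python example that is not from the thread; the packet dictionary format, the ports and the 203.0.113.10 peer are constructed sample values.

```python
import ipaddress

PUBLIC_IP = "64.113.2.53"  # the external address quoted in the thread

def nat_outbound(pkt, table, public_ip=PUBLIC_IP, preserve_port=True):
    """Translate only the IP/TCP header of an outbound packet; the payload is untouched.

    pkt:   dict with src_ip, src_port, dst_ip, dst_port, payload (a constructed format)
    table: dict mapping (public_ip, public_port) -> (inside_ip, inside_port)
    Returns the translated packet, or None when no mapping can be created.
    """
    inside = (pkt["src_ip"], pkt["src_port"])
    for pub, mapped in table.items():  # reuse an existing mapping
        if mapped == inside:
            return dict(pkt, src_ip=pub[0], src_port=pub[1])
    if preserve_port:
        # Port-preserving NAT: a second inside host using the same fixed
        # source port collides with the first host's mapping.
        pub = (public_ip, pkt["src_port"])
        if pub in table:
            return None
    else:
        port = 1024  # otherwise allocate the next free public port
        while (public_ip, port) in table:
            port += 1
        pub = (public_ip, port)
    table[pub] = inside
    return dict(pkt, src_ip=pub[0], src_port=pub[1])

def embedded_private_addresses(payload):
    """Return non-routable IPv4 addresses (per ipaddress.is_private) found in a message.

    This is what the far end sees: the header says PUBLIC_IP, but the
    call-setup text still names the inside address.
    """
    found = []
    for token in payload.replace("=", " ").split():
        try:
            addr = ipaddress.ip_address(token.strip(",;()"))
        except ValueError:
            continue
        if addr.version == 4 and addr.is_private:
            found.append(str(addr))
    return found

# Constructed sample: a call-setup message that embeds the caller's inside address.
SETUP = {"src_ip": "192.168.4.129", "src_port": 6000, "dst_ip": "203.0.113.10",
         "dst_port": 1720, "payload": "SETUP caller=192.168.4.129 port=6000"}
```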
 
Thanks again. While I wait for the ethereal results, any recommendations? The client is a hard-core gamer; he and a few of his coworkers are a little on the obsessed side. Any recommendations on what I might be able to do?
 
I helped a friend work around this kind of problem by putting a Linux firewall with multiple interfaces behind his cable modem. Then we got DHCP addresses from the ISP for each of the interfaces and statically NAT'd each of his computers through a different interface. It was kind of messy to set up, but it allowed him to run 3 simultaneous gaming sessions through his cable modem.

Personally, I'd tell them tough, and force them to pay the ISP for the services that they will be consuming.
pansophic
 