Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 23 November 2024, 10:51:44 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14258 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  Installation Support
| | |-+  Port Forward- IS changing SYN packets to ACKs??
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Port Forward- IS changing SYN packets to ACKs??  (Read 8916 times)
yeganeh
Jr. Member
*
Offline Offline

Gender: Female
Posts: 2



« on: Sunday 01 August 2010, 10:46:37 pm »

I’m using Endian 2.3 and trying to forward 192.168.70.0 /24 port 4100 traffic to the internal server which is located on the green network with IP 192.168.40.40 port 7100. To configure this scenario I followed these steps:

1- Port Forwarding/ NAT > Destination NAT
    1-1 Access From: Network IP/Range:  192.168.70.0 /24
    1-2 Target: Zone/VPN/Uplink: ANY Uplink
    1-3 Filter Policy: ALLOW
    1-4 Service: ANY , Protocol: TCP, Target: 4100   
    1-5 Translate to: IP,   DNAT Policy: NAT
    1-6 Insert IP:  192.168.40.40, port: 7100

2- Outgoing Traffic
    2-1 Source: Network/IP , IP: 192.168.40.40
    2-2: Destination: Network/IP, IP: 192.168.70.0 /24
    2-3 Service: ANY, Protocol: TCP, Destination Port: 4100
    2-4 Policy: ALLOW

3- System Access
    3-1 Source address: 192.168.70.0/24    3-2: Source Interface: RED
    3-3 Service: ANY, Protocol: TCP, Destination Port: 7100
    3-4 Policy: ALLOW

Unfortunately, the DNAT rule is not working as planned.
I monitored the connections in the status section of the Endian system and I can see that the DNAT properly directs the packets and I monitored the my server (IP 192.168.40.40) with TCPDUMP and I found that the server receive packets but unfortunately the connection is not been built because the initial SYN packets from my client to my server is being translated by Endian Firewall into ACK packets which is preventing the initial 3 way handshake establishing.

TCPDUMP of  192.168.40.40

IP 192.168.70.92.50924 > 192.168.40.40.7100: S 1705309870:170530     
 9870(0) win 5840 <mss 1460,sackOK,timestamp 1791227116[|tcp]>
        0x0000:  4500 003c 1f9b 4000 3f06 f7d5 c0a8 7723  E..<..@.?.....w#
        0x0010:  c0a8 2bd7 c6ec 0016 65a4 f6ae 0000 0000  ..+.....e.......
        0x0020:  a002 16d0 89de 0000 0204 05b4 0402 080a  ................
        0x0030:  6ac3 f4ec 0000                           j.....

Am I missing something simple here? What should I do to solve this problem??
Thanks in advance for you help...
Logged

Yeganeh
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com