Re: Getting App to use same port

• Previous message: Cosmic Cruizer: "Getting App to use same port"
• In reply to: Cosmic Cruizer: "Getting App to use same port"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 20 Sep 2004 22:05:54 -0400

In article <Xns956AB5FDDD8DBccruizermydejacom@64.164.98.50>,
 XXjbhuntxx@white-star.com (Cosmic Cruizer) wrote:

> I have a Solaris 8 box located in a DMZ. There is an RPC application on the
> box in the DMZ that needs to communicate with a box in our intranet. I've
> opened the port through the firewall for the RPC call to go from the DMZ to
> the intranet, but that is only half the battle. The application does not
> always send from the same port, therefore, the return path may be different
> each time. Since I am not allowed to open a wide range of ports, I need to
> have the application use the same port each time.
>
> How can I setup the box in the DMZ to use the same port each time?

There's no system-wide way to configure this, it's up to the
application. Normally, client applications just let the system pick the
next available port. Unless the application provides a configuration
option to force a particular port, that's what will happen.

You need a stateful firewall. When it sees the request packet, it will
remember the source port and allow the replies back through.

If you're using a Cisco router, I believe its CBAC mechanism can be used
for this.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

• Previous message: Cosmic Cruizer: "Getting App to use same port"
• In reply to: Cosmic Cruizer: "Getting App to use same port"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]