LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-09-2008, 10:55 AM   #1
Tom Douglas
Member
 
Registered: Jun 2007
Posts: 89

Rep: Reputation: 15
Changing ports enoute


In an example log entry below, I'm showing an SPT (I guessing source port) of 32771, and a DPT (guessing destination port) of 53 (DNS).

Why two different ports? Is the port assignment getting changed between the sending NIC and receive NIC? Or am I reading this wrong? I'm wondering how to handle these in my iptables.

Quote:
Rejected: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=47496 DF PROTO=UDP SPT=32771 DPT=53 LEN=51
Thank you!

Tom D.
 
Old 02-09-2008, 11:36 AM   #2
ARC1450
Member
 
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290

Rep: Reputation: 30
It's called session multiplexing, if I remember properly.

That's what allows you to open multiple sessions to the same host. For example, when you connect to a web server, if you only connected to and from port 80, you'd only be able to have one session open. That's slow and inefficient. So you hit the same web server from a multitude of source ports, and they all point at port 80; you can get several requests at once from a single web server.

Anyway, it's normal and all good. Generally, you filter your outbound traffic by destination port, or IP. You filter your inbound via source port, or IP. So for a DNS request, you'd want to allow anything out destined for port 53, and anything in sourced from port 53.

Decent explanation?
 
Old 02-09-2008, 03:10 PM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964
well it's not really called anything, that's just the way tcp sockets work.

client / source port numbers are picked generally from an "ephemeral" range, which is a block of space somewhere above port 1024, often way past there, which any process is allowed to open. non-root processes can't open a port under 1024 for security reasons, but essentially there is no relation between a source and destination port (except in some unusal cases like dhcp)

a tcp connection is defined as client_ip:client_port <--> server_ip:server_port and both parties keep track of those 4 attributes (amongst others relevant within that known connection) and so know what connection that is.
 
Old 02-11-2008, 08:32 AM   #4
ARC1450
Member
 
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290

Rep: Reputation: 30
Yes, it is called multiplexing. Here are a few web sites to describe it.

http://ntrg.cs.tcd.ie/undergrad/4ba2...t/5.cd.03.html
http://www.citap.com/documents/tcp-ip/tcpip013.htm
http://www.tcpipguide.com/free/t_TCP...pplicati-2.htm

It's not "just the way TCP sockets work." It's done for a reason, and a rather good one.
 
Old 02-11-2008, 10:13 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964
well i know it's for a reason..! Just that it's such a fundamentally low level piece of TCP/IP, it's not something that you actively look to modify or question to any extent.
 
Old 02-11-2008, 10:21 AM   #6
ARC1450
Member
 
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290

Rep: Reputation: 30
Sure you question it. That's how you learn.

Not to mention, knowing why it does what it does can come in handy later. Take this, for example. The OP had no knowledge of TCP/IP multiplexing, and as far as he knew, his ports were getting switched around en-route.

Imagine when he saw several connections to the same server from different ports. Someone not having knowledge of why this happens could be a little freaked out, and that's never good (although it can be funny.) lol

Personally, I've never accepted, or given a "just because" answer. While you can't change it, in depth knowledge of how something works is much better. Imagine if your phones were set up and the TDM used to separate phone calls was just accepted and never improved upon. You wouldn't have TDM over fiber, you wouldn't really have modems, and you wouldn't have DSL (since it uses frequency division multiplexing). Same with TCP/IP multiplexing; if you don't question how it works, you'll never know how it works, why it works, why it's implemented, and the massive number of uses for it.

Just imagine, as another example, if I just accept QoS for what it is in my job, but had no understanding of it. I'd have 4000 very unhappy VoIP users on my network, and I'd have no clue what was going on.
 
Old 02-11-2008, 10:26 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964
ever wished you'd not phrased something the way you had?

qos?

Router(config-if)#auto qos voip
Router(config-if)#

what's to learn??

if you use Cisco Call Manager like we do, you've probably got 4000 unhappy users whatever you do.

Last edited by acid_kewpie; 02-11-2008 at 10:27 AM.
 
Old 02-11-2008, 10:47 AM   #8
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114Reputation: 114
Quote:
Originally Posted by acid_kewpie View Post
ever wished you'd not phrased something the way you had?
LOL. Noooooo. Never!
 
Old 02-11-2008, 10:47 AM   #9
ARC1450
Member
 
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290

Rep: Reputation: 30
Not to sound demeaning, but auto qos voip illustrates where "just because" can get you.

While it can be used to QoS a network, it is not the end-all-be-all to QoS solutions, nor should it really be used permanently. It is a tool for base lining the QoS your network should need, and is a suggestion. You can choose to continue using it or not, but it will not always solve your problems. Cisco actually doesn't recommend you implement it as a permanent solution on your network.

Quote:
Yes, auto-qos is allowed in the lab. We used prohibit the usage of this feature, however, the retriction is lifted more than a year ago because it is indeed a useful feature for our customers. With that being said, I recommend you to use auto-qos to asssit you to establish a baseline QoS configuration, then read the lab question requirements carefully to make sure you customize or edit the configs to meet the specific requirements.
Found in this thread regarding CCIE-V from NetPro: http://forum.cisco.com/eforum/servle...lected_message

The post is from BennG.

We actually use CallManagers; around 14 of them. Users are actually rather happy because the network is properly designed and the 6 engineers responsible for it have have in-depth knowledge of networking and the protocols.

Quote:
ever wished you'd not phrased something the way you had?
The story of my life.
 
Old 02-11-2008, 10:51 AM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964
Note to self. Never make jokes to ARC1450.
 
Old 02-11-2008, 03:18 PM   #11
ARC1450
Member
 
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290

Rep: Reputation: 30
I never joke. 100% serious.

Am I serious, or am I joking? The world may never know.

Now see, if you'd have said Unity and Lotus were the bestest of buddies and worked flawlessly together, there's a joke. You'd have had me in stitches for the next 6 months with that. :-P

Keep in mind, I just came off a job with a "network manager" that thought himself a Cisco god. The guy barely knew what QoS stood for, and had absolutely no good words for Cisco's AVVID implementation.

Last edited by ARC1450; 02-11-2008 at 03:20 PM.
 
Old 02-16-2008, 10:58 AM   #12
Tom Douglas
Member
 
Registered: Jun 2007
Posts: 89

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by ARC1450 View Post
It's called session multiplexing, if I remember properly.............
Ahh...That makes sense. It had my curiousity.

Now I just have to figure out how to make those adjustments in the firewall.

Thanks much for the help!

Tom D.
Denver, Colorado
 
Old 02-16-2008, 11:28 AM   #13
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964
well the source port is *very* seldom deemed "interesting" in firewall rulesets, only the destination.
 
Old 02-17-2008, 06:41 AM   #14
ARC1450
Member
 
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290

Rep: Reputation: 30
Quote:
Originally Posted by acid_kewpie View Post
well the source port is *very* seldom deemed "interesting" in firewall rulesets, only the destination.
Agreed. I actually can't think of any situation I worry about the source port, except in the case of NTP.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH and the changing ports it uses ille.pugil42 Linux - Security 2 02-13-2007 05:22 PM
Is my DSL provider changing the status of my ports FTP, HTTP? IS it possible? doraimom Linux - Networking 5 08-20-2006 10:50 PM
Changing ipv4's ports range in runlevel tuanito Linux - Networking 2 08-07-2006 07:45 AM
changing ports on dyndns.org Zaius Linux - Newbie 2 01-15-2004 02:14 PM
Changing default ports for smoothwall lhiggins Linux - Newbie 9 04-24-2003 12:12 PM


All times are GMT -5. The time now is 07:22 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration