Re: without selecting the right interface communication won't work ?
From: Chris Pearson (ChrisCPearson_at_acm.org)
Date: 10/29/03
- Next message: Duane Arnold: "Re: Duane Arnold to star in "Chimpie in the mist""
- Previous message: Memnoch: "Re: How effective is a router as a firewall?"
- In reply to: Skybuck Flying: "without selecting the right interface communication won't work ?"
- Next in thread: Skybuck Flying: "Re: without selecting the right interface communication won't work ?"
- Reply: Skybuck Flying: "Re: without selecting the right interface communication won't work ?"
- Reply: David Schwartz: "Re: without selecting the right interface communication won't work ?"
Date: 28 Oct 2003 19:13:22 -0800
"Skybuck Flying" <nospam@hotmail.com> wrote in message news:<bnj7ae$9oi$1@news1.tilbu1.nb.home.nl>...
> Hi,
>
> In this scenario communication won't work with UDP.
>
> Computer 1 <-> Computer 2
>
> Both computers have zone alarm pro 4 firewall.
>
> Each computer opens a udp port/socket with interface address set to any
> address and interface port set to any port.
>
> Once they are opened the user sets the destination address and destination
> port on both computers to match the address and port selected by winsock/the
> system.
>
> After winsock has opened the sockets... both interface addresses are still
> 0.0.0.0 ???
>
> What happens is one of the firewalls blocks the traffic. ( At computer 2
> that has 2 network cards )
>
> Zone alarm pro firewall will say it blocked the traffic. ( routed ? )
>
> Any idea what is going on here ?
>
> Why does zone alarm pro firewall block it... first it seems zone alarm opens
> the port... but when something is received it will still block it ?
>
> Skybuck.
My theory is this: Assuming a typical configuration, ZA allows UDP
packets from the Internet zone only when it knows that an authorized
application wants them. Since there are two NICs on the multi-homed
host (computer 2), binding a socket to INADDR_ANY (0.0.0.0) is
ambiguous -- ZA can't be sure which interface the app wants to receive
from. My guess is that in that case, being a firewall, ZA plays it
safe and blocks packets from the Internet zone. When the app
explicitly binds to the Internet NIC, ZA knows the app wants to
receive from the Internet, and lets the packets through. But then
again, I don't work for Zone Alarm, so I could be wrong. If you had
another host connected on the private net to computer 2, you could
test this -- if I'm right, the app would be able to receive UDP
packets from the private link even when bound to INADDR_ANY.
-- Chris
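
An added example, not part of either poster's message: it shows that a UDP socket bound to the wildcard address keeps reporting 0.0.0.0 as its local address after the system picks a port, while an explicitly bound socket reports the address it was given. The loopback address 127.0.0.1 stands in for a specific NIC address, and the helper names are assumptions made for this sketch.

```python
import socket

WILDCARD = "0.0.0.0"  # INADDR_ANY


def open_udp(bind_addr=WILDCARD):
    """Open a UDP socket on bind_addr and let the system choose the port (port 0)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((bind_addr, 0))
    s.settimeout(2.0)  # never hang if a local filter drops the datagram
    return s


def describe(sock):
    """Return the local endpoint as the stack (and any local filter) sees it."""
    addr, port = sock.getsockname()
    return {"addr": addr, "port": port, "wildcard": addr == WILDCARD}


def demo():
    any_sock = open_udp(WILDCARD)     # the setup described in the original post
    nic_sock = open_udp("127.0.0.1")  # explicit bind; loopback used as a stand-in
    try:
        any_info = describe(any_sock)
        nic_info = describe(nic_sock)
        # A wildcard socket accepts datagrams addressed to any local address,
        # so one sent to 127.0.0.1:<its port> is delivered to it.
        nic_sock.sendto(b"ping", ("127.0.0.1", any_info["port"]))
        data, peer = any_sock.recvfrom(64)
        return any_info, nic_info, data, peer
    finally:
        any_sock.close()
        nic_sock.close()


if __name__ == "__main__":
    any_info, nic_info, data, peer = demo()
    print("wildcard bind :", any_info)
    print("explicit bind :", nic_info)
    print("received", data, "from", peer)
```

On a multi-homed host, replacing 127.0.0.1 with the address of the intended NIC gives the explicit bind described in the reply above.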