Re: NAT and Keep State IP Rule

From: Geoff Lane (gl1public_at_btinternet.com)
Date: 01/26/04


Date: Mon, 26 Jan 2004 02:02:05 +0000

On Mon, 26 Jan 2004 01:05:45 GMT, Duane Arnold <notme@notme.com>
wrote:

>> For practice I created an IP rule that Blocks Immediately any Protocol
>> Incoming from any Source to any destination for any port.
>>
>> I would have assumed this would effectively BLOCK my internet
>> connection but I can still surf to my heart's content so either I am
>> misunderstanding it, I've configured it wrong or it's not working
>> correctly.

>Your machine solicited the traffic from behind the router by you surfing
>the Internet or initiating the contact with an IP/Website. Your machine
>sent outbound traffic to the IP. So the router knows that and will allow
>inbound traffic from the IP your machine made contact with. A stateful
>connection or solicitation of traffic from a remote IP. The stateful
>being the outbound from your machine and the return of inbound traffic
>from the IP.

Which is the configuration option which is totally confusing me.

My IP rules page gives me the option of enabling or disabling 'Keep
State'. I have not set any outgoing IP rule or enabled any Keep State
option.

The only default Data Rule is to block ports 137-139 going to DNS

So, I haven't set any Keep State option but it seems to be doing it
anyway. If I could figure this I would be well on my way to
understanding it.

Geoff Lane
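
The behaviour discussed in this thread, as an added example that is not part of the original posts or any router's firmware: a minimal model of a NAT translation table next to a block-all-inbound rule. It assumes the router matches return traffic against its NAT table before it evaluates inbound IP rules; the class names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

@dataclass
class NatRouter:
    wan_ip: str
    block_all_inbound: bool = True  # the practice rule: block any incoming traffic
    next_port: int = 40000
    # (proto, wan_port, remote endpoint) -> LAN endpoint that opened the flow
    table: dict = field(default_factory=dict)

    def outbound(self, pkt):
        """LAN -> WAN: rewrite the source address and remember the mapping."""
        for (proto, port, remote), lan in self.table.items():
            if (proto, remote, lan) == (pkt.proto, pkt.dst, pkt.src):
                break  # flow already known, reuse its WAN port
        else:
            port, self.next_port = self.next_port, self.next_port + 1
            self.table[(pkt.proto, port, pkt.dst)] = pkt.src
        return Packet(pkt.proto, (self.wan_ip, port), pkt.dst)

    def inbound(self, pkt):
        """WAN -> LAN: return (verdict, packet forwarded to the LAN or None)."""
        lan = self.table.get((pkt.proto, pkt.dst[1], pkt.src))
        if lan is not None:
            # Assumed order: a table hit is translated back before IP rules run,
            # so the block-all rule never sees solicited return traffic.
            return "reply-forwarded", Packet(pkt.proto, pkt.src, lan)
        if self.block_all_inbound:
            return "blocked-by-rule", None
        return "dropped-no-mapping", None

def demo():
    """Constructed addresses (RFC 5737 documentation ranges and RFC 1918)."""
    router = NatRouter(wan_ip="203.0.113.10")
    web = ("198.51.100.7", 80)
    sent = router.outbound(Packet("tcp", ("192.168.1.20", 51000), web))
    reply = router.inbound(Packet("tcp", web, sent.src))           # solicited
    probe = router.inbound(Packet("tcp", ("198.51.100.99", 4444), sent.src))
    wrong_port = router.inbound(Packet("tcp", web, (router.wan_ip, 3389)))
    return reply, probe, wrong_port

if __name__ == "__main__":
    for verdict, forwarded in demo():
        print(verdict, forwarded)
```

In this model only the packet that matches an existing mapping reaches the LAN host; the unsolicited probe and the packet to an unmapped port both fall through to the block rule.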


