Echo LANlink Router Option User Manual Issue 1.0 04 December 1997 Page 54 of 59
Ports can be given a specific value, or the user can use wildcards to pass all
values. Various services use a specific port number, e.g. Telnet uses port 23
and FTP uses port 21. RFC 1700 gives a list of standard port values.
G.3.1 Examples
If 130.140.5.10 wishes to be able to Telnet to 130.140.6.32, but does not
wish 130.140.6.32 to be able to Telnet back to him the following line should
be used:
SRC ADDR      SRC MASK  DEST ADDR     DEST MASK  PROT  S.PRT  D.PRT  RSL
130.140.5.10  FFFFFFFF  130.140.6.32  FFFFFFFF   TCP   ALL    23     PAS
When 130.140.5.10 initiates a connection his packet will include the following
information:
IP Destination 130.140.6.32
IP Source 130.140.5.10
Protocol TCP
Port Destination 23
Port Source 1024
The key to this is the source port that will be assigned by the system. These
numbers usually start at 1024 and are incremented each time a new TCP
connection is made.
If the other machine 130.140.6.32 initiates the connection then the reply
coming from 130.140.5.10 would have the following information.
IP Destination 130.140.6.32
IP Source 130.140.5.10
Protocol TCP
Port Destination 1024
Port Source 23
You should note that the source and destination ports are now swapped. The
first packet from 130.140.6.32 will get to the other machine. However his
reply will fail when checked with the filter because the destination port is not
23.
If you wanted only these two machines to be able to telnet to each other and
either machine to initiate the connection then you would need two lines in the
filter table.
SRC ADDR      SRC MASK  DEST ADDR     DEST MASK  PROT  S.PRT  D.PRT  RSL
130.140.5.10  FFFFFFFF  130.140.6.32  FFFFFFFF   TCP   ALL    23     PAS
130.140.5.10  FFFFFFFF  130.140.6.32  FFFFFFFF   TCP   23     ALL    PAS
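The following is an added example, not code from the Echo LANlink manual: a small model of the filter table above, run against the packets described in the text. It assumes rules are scanned top to bottom, the first match decides, and a packet matching no rule is rejected; masks are the hex strings used in the table and ALL is the port wildcard.

```python
# Added example (not from the Echo LANlink manual): evaluate the filter table
# against the Telnet packets in the text. Rule fields follow the manual's column
# order: SRC ADDR, SRC MASK, DEST ADDR, DEST MASK, PROT, S.PRT, D.PRT, RSL.
import ipaddress

def _addr_match(addr, rule_addr, mask_hex):
    """Compare addr to rule_addr under a hex netmask such as FFFFFFFF."""
    mask = int(mask_hex, 16)
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(rule_addr))
    return (a & mask) == (r & mask)

def _port_match(port, rule_port):
    """ALL is the wildcard; otherwise the port must be equal."""
    return rule_port == "ALL" or int(rule_port) == port

def rule_matches(rule, pkt):
    src, smask, dst, dmask, prot, sprt, dprt, _rsl = rule
    return (_addr_match(pkt["src"], src, smask)
            and _addr_match(pkt["dst"], dst, dmask)
            and prot == pkt["prot"]
            and _port_match(pkt["sport"], sprt)
            and _port_match(pkt["dport"], dprt))

def filter_packet(table, pkt):
    """Return the RSL of the first matching rule, or "FAIL" if none matches.
    Assumption: top-to-bottom scan, unmatched packets are rejected."""
    for rule in table:
        if rule_matches(rule, pkt):
            return rule[7]
    return "FAIL"

# The one-line and two-line tables from the text.
ONE_LINE = [("130.140.5.10", "FFFFFFFF", "130.140.6.32", "FFFFFFFF", "TCP", "ALL", "23", "PAS")]
TWO_LINES = ONE_LINE + [
    ("130.140.5.10", "FFFFFFFF", "130.140.6.32", "FFFFFFFF", "TCP", "23", "ALL", "PAS")]

# Constructed packets taken from the text: 5.10 opening Telnet to 6.32, and
# 5.10 replying to a session that 6.32 opened (ports swapped).
OUTBOUND_REQUEST = {"src": "130.140.5.10", "dst": "130.140.6.32", "prot": "TCP", "sport": 1024, "dport": 23}
REPLY_TO_INBOUND = {"src": "130.140.5.10", "dst": "130.140.6.32", "prot": "TCP", "sport": 23, "dport": 1024}

if __name__ == "__main__":
    for name, table in (("one line", ONE_LINE), ("two lines", TWO_LINES)):
        print(name, filter_packet(table, OUTBOUND_REQUEST), filter_packet(table, REPLY_TO_INBOUND))
```

Note that the second line passes any packet from port 23 on 130.140.5.10 to 130.140.6.32 whatever its destination port, since the filter cannot see the connection state; that is the price of allowing either side to initiate.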