Troubleshooting guide
Appendix A: State Tables for VPN-1/FireWall-1 4.0 NAT tables
Advanced Technical Reference Guide 4.1 • June 2000 152
Address Translation “partial connections” tables
The fwx_anticipate and fwx_anticipate_rev (reverse) tables are used when translating packets in situations
where it is not known on which port the answer will come. When this happens the connections are inserted into
these tables with port 0 until the actual packet arrives and the port is known.
fwx_anticipate table
This table holds the translation parameters of data connections that are expected to occur based on existing
control connections (e.g. an FTP data connection will be recorded in this table if a PORT or PASV command
was detected in the control connection).
Example
attributes: expires 2147483647, limit 25000, keep, expcall 4276293796 0
<c0a83005, 00000000, cdd8a363, 00000d6d, 00000006; c0a83005, 00000000, c0a83001, 00000d6d, 00000006; 318/330>
The fwx_anticipate table uses the following format:
<anticipated source IP address, anticipated source port, anticipated destination IP, anticipated destination port,
anticipated IP protocol; source IP address to translate to, source port to translate to, destination IP address to
translate into, destination port to translate into, IP protocol; time left/total time>
The source ports are unknown in this case and are thus set to 0.
fwx_anticipate_rev table
Example
attributes: keep, limit 25000
<c0a83005, 00000000, c0a83001, 00000d6d, 00000006; c0a83005, 00000000, cdd8a363, 00000d6d, 00000006>
The fwx_anticipate_rev table uses the following format:
<anticipated source IP address, anticipated source port, anticipated destination IP, anticipated destination port,
anticipated IP protocol; source IP address to translate to, source port to translate to, destination IP address to
translate into, destination port to translate into, IP protocol>
The source ports are unknown in this case and are thus set to 0.
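Added example (not part of the original guide and not Check Point code): a Python decoder for the fwx_anticipate and fwx_anticipate_rev entry formats above, converting the hexadecimal fields to dotted-quad addresses and decimal ports. The names parse_entry and is_reverse_of are hypothetical; the time values are assumed to be decimal, and the mirror relationship between the two tables is inferred from this page's two example entries, not stated by the guide.

```python
import ipaddress
from typing import NamedTuple, Optional

class Half(NamedTuple):
    src_ip: str
    src_port: int      # 0 means the port is not yet known
    dst_ip: str
    dst_port: int
    proto: int         # IP protocol number (6 = TCP)

class Entry(NamedTuple):
    anticipated: Half
    translated: Half
    time_left: Optional[int]    # None for fwx_anticipate_rev entries
    total_time: Optional[int]

def _parse_half(text: str) -> Half:
    fields = [int(f, 16) for f in text.split(",")]
    if len(fields) != 5:
        raise ValueError(f"expected 5 hex fields, got {len(fields)}: {text!r}")
    sip, sport, dip, dport, proto = fields
    return Half(str(ipaddress.IPv4Address(sip)), sport,
                str(ipaddress.IPv4Address(dip)), dport, proto)

def parse_entry(raw: str) -> Entry:
    """Parse one <...> entry; tolerates the line wrap seen in table dumps."""
    body = "".join(raw.split()).strip("<>")
    parts = body.split(";")
    if len(parts) not in (2, 3):
        raise ValueError(f"not an fwx_anticipate(_rev) entry: {raw!r}")
    left = total = None
    if len(parts) == 3:  # "time left/total time", assumed decimal
        left, total = (int(n) for n in parts[2].split("/"))
    return Entry(_parse_half(parts[0]), _parse_half(parts[1]), left, total)

def is_reverse_of(fwd: Entry, rev: Entry) -> bool:
    """True if rev is fwd with its anticipated/translated halves swapped."""
    return fwd.anticipated == rev.translated and fwd.translated == rev.anticipated

# The two example entries from this page.
FWD = """<c0a83005, 00000000, cdd8a363, 00000d6d, 00000006; c0a83005, 00000000, c0a83001,
00000d6d, 00000006; 318/330>"""
REV = """<c0a83005, 00000000, c0a83001, 00000d6d, 00000006; c0a83005, 00000000,
cdd8a363, 00000d6d, 00000006>"""

if __name__ == "__main__":
    fwd, rev = parse_entry(FWD), parse_entry(REV)
    print(fwd)
    print(rev)
    print("mirror pair:", is_reverse_of(fwd, rev))
```

For the example entries this decodes to an anticipated TCP connection 192.168.48.5:0 -> 205.216.163.99:3437 that is translated to 192.168.48.5:0 -> 192.168.48.1:3437, with the reverse table holding the same pair swapped.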
fwx_alloc table
The fwx_alloc table holds information about the allocation of ports for the translated packets.
Example
attributes: keep
<00000000, c7cb477d, 00000006, 00002710; 000027f6>
<c7cb477d, 00000006, 000027d5>
<00000000, c7cb477d, 00000001, 00000258; 0000025c>
The fwx_alloc table uses the following formats.
First entry: <0, hiding IP address, IP protocol, first high port used; next high port to be allocated>
The first field is a placeholder and is always 0. The first high port to be used is always 10000.
Second entry: <hiding IP address, IP protocol, port already being used>