Manualshelf

User guide

ManualsBrandsMultitech ManualsComputer equipmentRouteFinder RF850
151152153154155156157158159160
Appendix A – Disposition of Events
Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 152
Figure 2 – Snapshot of Inbound Access Log
Description of Figure 2
The Access request originated from the source (204.26.122.9) to the destination (204.54.39.103) is
accepted by the candidate firewall. Classified as Inbound Accepted.
Inbound Access (DNAT with Connection Tracking)
Figure 3 – Inbound Access (DNAT with Connection Tracking)
Description of Figure 3
The Access request originated from the source (204.26.122.9) to the destination (204.54.39.103), which is
further DNATTED to the ip-address 192.168.1.76 on port 20:21.
The above figure illustrates a capture of the FTP service.
Slno 1, in the above snapshot corresponds to the control connection (Remarks in the second half of
the snapshot is a continuation of the capture).
Remarks:
Inbound Accepted DNAT ip:port = 192.168.1.76:20:21
Src: 204.26.122.9, Dst: 202.54.39.103, DNATTED to 192.168.1.76 on Port 20:21.
The log returned by the SYSLOG application in this particular case is different. The destination
address listed in the SYSLOG is the DNATTED ip-address. In this case it is 192.168.1.76.
Slno 2, corresponds to a PASV Data connection. (Src:204.26.122.9, destined to 202.54.39.103, which
in turn is DNATTED to 192.168.1.76 on port 62191).
Remarks:
Inbound Accepted
[SRC=204.26.122.9:DST=202.54.39.103:SPORT=41216:DPORT=21]
Dnat ip:port = 192.168.1.76:21
Inbound Accepted – Inbound Log
[SRC=204.26.122.9:DST=202.54.39.103:SPORT=41216:DPORT=21] – This corresponds
to the “CONTROL connection information” for this data connection.
Dnat ip:port = 192.168.1.76:21” – This corresponds to the “CONTROL connection’s
DNATTED ipaddress” for this data connection.
Slno 3, corresponds to the ACTIVE Data connection originated from 192.168.1.76 (on SRC-PORT
20), which is masqueraded to a SRC:202.54.39.103 at the WAN interface of the candidate firewall,
destined to 204.26.122.9.
Remarks:
Inbound Accepted
[SRC=204.26.122.9:DST=202.54.39.103:SPORT=41216:DPORT=21]
Dnat ip:port = 192.168.1.76:21
Inbound Accepted – Inbound Log
[SRC=204.26.122.9:DST=202.54.39.103:SPORT=41216:DPORT=21] – This corresponds
to the “CONTROL connection information” for this data connection.
Dnat ip:port = 192.168.1.76:21” – This corresponds to the “CONTROL connection’s
DNATTED ipaddress” for this data connection.