Ports can be given a specific value, or wildcards can be used to pass all values. Well-known services use fixed port numbers, e.g. Telnet uses port 23 and FTP uses port 21. RFC 1700 lists the standard port assignments.
G.3.1 Examples
If 130.140.5.10 wishes to be able to Telnet to 130.140.6.32, but does not wish 130.140.6.32 to be able to Telnet back to him, the following line should be used:
SRC ADDR | SRC MASK | DEST ADDR | DEST MASK | PROT | S.PRT | D.PRT | RSL |
130.140.5.10 | FFFFFFFF | 130.140.6.32 | FFFFFFFF | TCP | ALL | 23 | PAS |
When 130.140.5.10 initiates a connection his packet will include the following information:
IP Destination | 130.140.6.32 |
IP Source | 130.140.5.10 |
Protocol | TCP |
Port Destination | 23 |
Port Source | 1024 |
The key to this is the source port, which is assigned by the system: these numbers usually start at 1024 and are incremented each time a new TCP connection is made.
If the other machine, 130.140.6.32, initiates the connection, then the reply coming from 130.140.5.10 would have the following information:
IP Destination | 130.140.6.32 |
IP Source | 130.140.5.10 |
Protocol | TCP |
Port Destination | 1024 |
Port Source | 23 |
Note that the source and destination ports are now swapped. The first packet from 130.140.6.32 will reach the other machine; however, the reply will fail when checked against the filter because its destination port is not 23.
If you wanted only these two machines to be able to Telnet to each other, with either machine able to initiate the connection, you would need two lines in the filter table:
SRC ADDR | SRC MASK | DEST ADDR | DEST MASK | PROT | S.PRT | D.PRT | RSL |
130.140.5.10 | FFFFFFFF | 130.140.6.32 | FFFFFFFF | TCP | ALL | 23 | PAS |
130.140.5.10 | FFFFFFFF | 130.140.6.32 | FFFFFFFF | TCP | 23 | ALL | PAS |
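As an added example that is not part of the manual, the following Python models the filter-table check described in this section: each column of a row is compared with the packet, MASK is applied as a hex bit-mask to both addresses (assumed semantics, which also covers masks other than FFFFFFFF), and ALL is a port wildcard. It runs the page's one-line and two-line tables against the initiating packet and the swapped-port reply, returning None where no row matches, which is what the text calls failing the filter check.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass(frozen=True)
class Rule:
    """One row of the filter table, columns named as in the manual."""
    src_addr: str
    src_mask: str    # hex mask; FFFFFFFF means an exact host match
    dest_addr: str
    dest_mask: str
    prot: str
    s_prt: str       # port number as text, or the wildcard "ALL"
    d_prt: str
    rsl: str         # result column, e.g. "PAS"

def addr_matches(addr: str, rule_addr: str, hex_mask: str) -> bool:
    # Assumed MASK semantics: only the bits set in the mask are compared.
    mask = int(hex_mask, 16)
    return (int(IPv4Address(addr)) & mask) == (int(IPv4Address(rule_addr)) & mask)

def port_matches(port: int, rule_port: str) -> bool:
    return rule_port == "ALL" or int(rule_port) == port

def rule_matches(rule: Rule, pkt: dict) -> bool:
    return (addr_matches(pkt["ip_src"], rule.src_addr, rule.src_mask)
            and addr_matches(pkt["ip_dest"], rule.dest_addr, rule.dest_mask)
            and rule.prot == pkt["prot"]
            and port_matches(pkt["port_src"], rule.s_prt)
            and port_matches(pkt["port_dest"], rule.d_prt))

def filter_result(table: list, pkt: dict):
    """RSL of the first matching row, or None when no row matches (the
    manual's 'fails when checked with the filter')."""
    return next((r.rsl for r in table if rule_matches(r, pkt)), None)

# The one-line table from the first example, and the two-line table that
# lets either machine initiate.
ONE_WAY = [Rule("130.140.5.10", "FFFFFFFF", "130.140.6.32", "FFFFFFFF", "TCP", "ALL", "23", "PAS")]
TWO_WAY = ONE_WAY + [Rule("130.140.5.10", "FFFFFFFF", "130.140.6.32", "FFFFFFFF", "TCP", "23", "ALL", "PAS")]

# Packets from the page: 130.140.5.10 initiating, and 130.140.5.10 replying
# to a session that 130.140.6.32 initiated (source/destination ports swapped).
INITIATE = dict(ip_src="130.140.5.10", ip_dest="130.140.6.32", prot="TCP", port_src=1024, port_dest=23)
REPLY = dict(ip_src="130.140.5.10", ip_dest="130.140.6.32", prot="TCP", port_src=23, port_dest=1024)

if __name__ == "__main__":
    for name, table in (("one-way", ONE_WAY), ("two-way", TWO_WAY)):
        print(name, filter_result(table, INITIATE), filter_result(table, REPLY))
```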
Echo LANlink Router Option User Manual, Issue 1.0, 04 December 1997, Page 54 of 59