• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

NAT question - change Source Port of outgoing TCP connection

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> NAT question - change Source Port of outgoing TCP connection Page: [1]
Login
Message << Older Topic   Newer Topic >>
NAT question - change Source Port of outgoing TCP conne... - 16.Sep.2009 3:58:57 AM   
GrandAdmiralThrawn

 

Posts: 2
Joined: 16.Sep.2009
Status: offline
Hello!

I'm not using any ISA Server yet, but I'm thinking about it. Currently, I'm using a Windows 2000 Server with Routing & RAS service to do NAT, port mapping and DMZ plus a 3rd Party firewall ("Outpost") to do all the filtering. After roughly 700 days of uptime, the Firewall Kernel module gave me a nice BSOD, so I thought, maybe change it. Also, I have another problem that was so far unsolvable with either Outpost firewall rules or the RRAS configuration.

It's like this:

I have a certain game (Supreme Commander), that i need to be able to access the Internet from behind the NAT/FW. So far so good. Now, that game connects from source port 6112 to the online service, which is also listening on destination port 6112. Protocol is TCP.

Now, as soon as that connection traverses the RRAS NAT, RRAS changes the source port from 6112 to something random. So, RRAS would change that source port from 6112 to let's say 9200, and connect from there to that remote destination port 6112.

Now, the problem is, that this online service requires the source port to be 6112. Otherwise, it might drop the connection altogether. (If I connect to a person which has no changed source port, it still works. If two players with changed source ports try to play together, it doesn't work).

So, i need the option to FIX the source ports of outgoing NAT traversal packets to a specific port based on a firewall rule. Like: "If destination of NAT traversal is TCP Port 6112, then fix Source Port to 6112".

Now, is something like that possible with ISA Server 2004?

Thank you very much for reading my lengthy post! :)

Edit: Oh, I hope this is the correct subforum. I was not sure wether to post this in the Firewall or SNAT subforums..

< Message edited by GrandAdmiralThrawn -- 16.Sep.2009 4:10:56 AM >
Post #: 1
RE: NAT question - change Source Port of outgoing TCP c... - 16.Sep.2009 8:43:10 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

AFAIK, ISA can not do it.

It can restrict only inbound source ports.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to GrandAdmiralThrawn)
Post #: 2
RE: NAT question - change Source Port of outgoing TCP c... - 17.Sep.2009 4:10:14 AM   
GrandAdmiralThrawn

 

Posts: 2
Joined: 16.Sep.2009
Status: offline
Hmm..

Would be a pity if I can't find some solution to freely modify packet headers to my liking (ISA or not...) on a Windows Server...

Thanks nonetheless!

(in reply to paulo.oliveira)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> NAT question - change Source Port of outgoing TCP connection Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts