Welcome to ISAserver.org

Strange Behavior Using UDP Port Range

All Forums >> [ISA Server 2000 Misc.] >> Gaming >> Strange Behavior Using UDP Port Range

Strange Behavior Using UDP Port Range - 7.Jul.2005 9:12:00 PM   
geekp0wer

 

Posts: 3
Joined: 7.Jul.2005
Status: offline
Can anyone give a reasonable explanation for this one?

In ISA 2004, if I create a new protocol under Taskbox/Protocols that states:

Port Range: 27000 - 27015
Protocol Type: UDP
Direction: Send

And now the important part: I do not apply the protocol anywhere. Applications using this port range stop working. Specifically, outbound UDP packets have their reply packets dropped.

This does not occur if the new UDP protocol direction is Receive or Send/Receive.

I understand that this is probably a broken protocol but it was never applied to a rule and it still created problems. WHY?????

I have never seen this behavior with other commercial firewalls (PIX or Checkpoint). Have you seen this elsewhere?

For the sake of the search engines and people who are trying to fix the same issue the application is Counter-Strike and/or Half-Life.

thx,

Geekp0wer
Post #: 1
RE: Strange Behavior Using UDP Port Range - 8.Jul.2005 3:28:00 PM   
solidus667

 

Posts: 30
Joined: 8.May2004
From: Dallas, TX
Status: offline
I haven't experienced this, but I have a theory [Smile]

When you watch the logs before creating a particular protocol, it'll call denied connection attempts "Unidentified IP Traffic" or something like that. If you then create a protocol that encompasses those connections, the logger will refer to your protocol name. This illustrates how ISA Server "cares" about your protocol definitions whether you use them or not.

I've wondered, what if you make multiple protocol definitions that use some of the same primary ports? What would the logger call the traffic? What rule would it know to obey if there are logical collisions like this?

I think the act of you defining a specific protocol encompassing multiple ports as a primary connection sets a certain boundary. So if activity falls within that realm, it is assumed to be communication of that protocol, and since you've disallowed UDP, it gets dropped. Maybe if you made the UDP definition part of the secondary protocol def there would be different behavior, because the udp traffic wouldn't be "key" to the protocol?

As you mentioned, our discussion is academic because for Steam you should probably be using Send-Receive for UDP.

But my guess as to what the deal is, is that you have some overlapping protocol definitions. If one protocol definition has the same primary connections as another, how does ISA server know which protocol your IP traffic falls under?

Anyway, for the record, this is my Steam definition. I haven't tested it with online play yet, but it works for getting updates from steam, etc, and is built based on the protocol info in their own forums:

All Primary:
27030-27039 TCP Outbound
1200 UDP Send Receive
27000-27015 UDP Send Receive

You could consider moving the UDP to secondary if this issue ever messes with you in the future. I don't know a lot about socket programming for games, but I would imagine that the UDP information flows only after a TCP session is established, and therefore it would be safe to make it secondary. This, I think, would give ISA Server's ability to observe "statefulness" the means to logically separate the Steam protocol from other protocols you use that also use similar UDP traffic.

Does that all make sense?

(in reply to geekp0wer)
Post #: 2
RE: Strange Behavior Using UDP Port Range - 8.Jul.2005 3:33:00 PM   
solidus667

 

Posts: 30
Joined: 8.May2004
From: Dallas, TX
Status: offline
Sorry to beat a dead horse here, but another way to explain my theory:

By having "UDP 1200 Send" as a PRIMARY connection def, it becomes a defining attribute of the protocol.

So when UDP responses come in on that port ISA Server thinks, "Oh, this must be half-life activity, but there is no policy to allow it."

I know, it doesn't *totally* add up (maybe a real protocol engineer can enlighten us both), but it at least feels consistent enough for me to think it's not a major flaw.

(in reply to geekp0wer)
Post #: 3
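The theory in the two replies above (a protocol definition classifies traffic whether or not any rule uses it, and a UDP definition with direction Send keeps no reply state, so the server's answer is dropped) can be made concrete with a small stateful-filter model. This is an added example, not code from the thread and not ISA Server's engine: the definition and packet types, the "first matching definition wins" order, and the catch-all "All Outbound" behaviour are assumptions of the model, chosen so that it reproduces exactly what the original post reports (no definition: works; Send: replies dropped; Receive or Send Receive: works). The addresses and ports are constructed sample data.

```python
"""Toy model of protocol-definition classification for UDP replies.

Added example (not from the thread, not ISA Server code). It models the
behaviour reported in the thread: every protocol definition classifies
traffic even when no rule references it, and a UDP definition whose
direction is Send records no reply state, so the inbound reply is denied.
Assumptions: first matching definition wins, and a catch-all "All Outbound"
rule lets every outbound packet leave.
"""
from dataclasses import dataclass

UDP, TCP = "udp", "tcp"
SEND, RECEIVE, SEND_RECEIVE = "send", "receive", "send_receive"


@dataclass(frozen=True)
class ProtocolDef:
    name: str
    proto: str
    low: int
    high: int
    direction: str

    def covers(self, proto: str, port: int) -> bool:
        """Protocol and port range match, ignoring direction (used for log labels)."""
        return proto == self.proto and self.low <= port <= self.high

    def matches(self, proto: str, port: int, outbound: bool) -> bool:
        """A definition classifies a packet only when its direction fits the leg."""
        if not self.covers(proto, port):
            return False
        if self.direction == SEND_RECEIVE:
            return True
        return outbound if self.direction == SEND else not outbound

    def expects_reply(self) -> bool:
        """Only a definition that includes the inbound leg keeps reply state."""
        return self.direction == SEND_RECEIVE


@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)
    outbound: bool


class ToyFirewall:
    """Stateful filter: outbound always leaves, inbound only as a tracked reply."""

    def __init__(self, definitions):
        self.definitions = list(definitions)  # assumption: first match wins
        self.state = set()                    # (proto, local, remote) awaiting a reply

    def classify(self, pkt: Packet):
        remote_port = pkt.dst[1] if pkt.outbound else pkt.src[1]
        for d in self.definitions:
            if d.matches(pkt.proto, remote_port, pkt.outbound):
                return d
        return None

    def handle(self, pkt: Packet) -> str:
        if pkt.outbound:
            d = self.classify(pkt)
            if d is None:
                # Unidentified traffic gets default stateful handling.
                self.state.add((pkt.proto, pkt.src, pkt.dst))
                return "ALLOW outbound (unidentified, reply state recorded)"
            if d.expects_reply():
                self.state.add((pkt.proto, pkt.src, pkt.dst))
                return f"ALLOW outbound as {d.name} (reply state recorded)"
            # Send-only definition: the packet leaves, but no reply is expected.
            return f"ALLOW outbound as {d.name} (no reply state)"
        # Inbound: permitted only if it answers a tracked outbound packet.
        if (pkt.proto, pkt.dst, pkt.src) in self.state:
            return "ALLOW inbound reply"
        covering = [d for d in self.definitions if d.covers(pkt.proto, pkt.src[1])]
        label = covering[0].name if covering else "Unidentified IP Traffic"
        return f"DENY inbound ({label})"


def hl_definition(direction: str) -> ProtocolDef:
    """The definition from the original post: UDP 27000-27015 with a given direction."""
    return ProtocolDef("Half-Life UDP", UDP, 27000, 27015, direction)


def simulate_exchange(definitions) -> tuple:
    """Constructed sample: client 10.0.0.5:27005 queries a game server at 203.0.113.10:27015."""
    fw = ToyFirewall(definitions)
    client, server = ("10.0.0.5", 27005), ("203.0.113.10", 27015)
    out = fw.handle(Packet(UDP, client, server, outbound=True))
    back = fw.handle(Packet(UDP, server, client, outbound=False))
    return out, back


if __name__ == "__main__":
    cases = [("no definition", []),
             ("Send", [hl_definition(SEND)]),
             ("Receive", [hl_definition(RECEIVE)]),
             ("Send Receive", [hl_definition(SEND_RECEIVE)]),
             ("Send, then Steam Send Receive", [hl_definition(SEND),
                 ProtocolDef("Steam UDP", UDP, 27000, 27015, SEND_RECEIVE)])]
    for label, defs in cases:
        print(f"{label:30}: {simulate_exchange(defs)}")
```

The last case shows the overlap question from the second reply: two definitions covering the same UDP ports resolve, in this model, purely by order, so a Send-only definition listed first silently breaks a Send Receive definition listed after it. How ISA Server itself resolves such collisions is not stated anywhere in the thread; the model only makes explicit why the direction of an unused definition can still matter.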
