Firewall Port Range


Postby rboynton » Jul 23 07 10:09 am

I frequently get the following show up on my firewall:
Wingate firewall hit report:

Time: 7/22/2007 3:56:35 PM
Reason: Port Range
Source MAC address: 00-A0-AC-09-24-2D
Destination MAC address: 00-01-02-5F-F7-12
Source IP Address: 148.78.249.202 : 53
Destination IP Address: 148.78.52.14 : 3688
Protocol: UDP
Time-to-live: 60

The source IP is my ISP's DNS server. Is this a problem I should be concerned with?
rboynton
Senior Member
 
Posts: 156
Joined: Jun 15 07 2:09 am
Location: Boerne, Texas

Postby genie » Jul 23 07 5:06 pm

This looks like a leftover of DNS requests - this might happen if your DNS server is fairly slow and the UDP firewall hole times out before the reply arrives. You can change UDP timeouts (for example, for testing purposes, you can create a port action for UDP with a longer timeout).
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby rboynton » Jul 24 07 4:36 am

Is there a recommended timeout setting that I should try? We use two way satellite, so it is slow for sure. We average 1200ms for a ping response to our mail server. I tried a 5 second timeout, but am still getting those firewall notices. Should I go higher?
rboynton
Senior Member
 
Posts: 156
Joined: Jun 15 07 2:09 am
Location: Boerne, Texas

Postby rboynton » Jul 24 07 10:45 am

On a similar note, one of my other installations shows lots of checksum failures:

Wingate firewall hit report:

Time: 7/23/2007 4:33:38 PM
Reason:
Source MAC address: 00-06-25-66-60-88
Destination MAC address: 00-50-DA-12-D2-A8
Source IP Address: 69.70.86.214 : 42764
Destination IP Address: 192.168.1.254 : 52016
Protocol: TCP
TCP flags: RFPU
Time-to-live: 117
rboynton
Senior Member
 
Posts: 156
Joined: Jun 15 07 2:09 am
Location: Boerne, Texas

Postby genie » Jul 24 07 12:18 pm

Timeout for DNS - well, try a 60 sec value first.

As for the last packet you reported - it looks very strange - this set of TCP flags should never be used...
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am
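
Added example (not part of the thread and not WinGate code): a triage script that parses hit reports in the layout quoted above and separates the two cases discussed, DNS replies that arrive after the UDP hole has closed and TCP packets carrying a contradictory flag set. The sample reports are constructed, and the labels, function names and the flag letter S for SYN are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the thread's report layout (documentation addresses).
SAMPLE = """\
Wingate firewall hit report:
Time: 7/22/2007 3:56:35 PM
Reason: Port Range
Source IP Address: 192.0.2.53 : 53
Destination IP Address: 198.51.100.14 : 3688
Protocol: UDP

Wingate firewall hit report:
Time: 7/23/2007 4:33:38 PM
Reason:
Source IP Address: 203.0.113.214 : 42764
Destination IP Address: 192.168.1.254 : 52016
Protocol: TCP
TCP flags: RFPU
"""

# Contradictory flag pairs; S (SYN) is assumed, the thread shows only R, F, P, U.
BAD_PAIRS = [{"S", "F"}, {"S", "R"}, {"F", "R"}]

def parse_reports(text):
    """Split on the report header; turn each 'Field: value' line into a dict entry."""
    reports = []
    for block in re.split(r"(?im)^wingate firewall hit report:[ \t]*$", text)[1:]:
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        reports.append(rec)
    return reports

def classify(rec):
    """Label a hit: late DNS reply, contradictory TCP flag set, or other."""
    src_port = rec.get("Source IP Address", "").rpartition(":")[2].strip()
    flags = set(rec.get("TCP flags", ""))
    if rec.get("Protocol") == "UDP" and src_port == "53" and rec.get("Reason") == "Port Range":
        return "late-dns-reply"  # reply arrived after the UDP hole closed
    if rec.get("Protocol") == "TCP" and any(pair <= flags for pair in BAD_PAIRS):
        return "invalid-tcp-flags"  # e.g. RST and FIN set on the same segment
    return "other"

def summarize(text):
    """Count hits per label so a timeout change can be compared before and after."""
    return Counter(classify(r) for r in parse_reports(text))
```

Running `summarize` on reports collected before and after raising the UDP timeout shows whether the `late-dns-reply` count actually drops.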

