> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 9 June 2000 9:25 AM
> To: [EMAIL PROTECTED]
> Subject: Packet basics
[snip]
>
> I don't understand how the following occurs.
>
> Trying to set up a firewall with 2 nics,
> 1, an external nic with a valid internet address of ZZZ.Z.Z.201
> 2, an internal nic with a private lan number of 192.68.x.11
> How does the masquerading firewall machine know
> which response goes to which mac address/ip address combination,
> and not only which machine, but which session per machine.
[snip]
>
> Can anyone help me to understand what goes on in this situation,
> or point me to a beginners URL that will explain this to me.
>
> Thanks in advance.
> RW
This concept is called "multiplexing". Multiplexing can occur whenever you
have lots of stuff for different places that all comes into a central point
- mail into Post Office Boxes, phone calls into a large company etc etc.

In this particular case, the web connections are multiplexed based on TCP
source port. I'll have to assume that you know a _bit_ about TCP/IP here,
sorry. If you're not up to TCP ports yet you'll need to trawl the web for a
basic tutorial.

So, when all five computers make their outgoing connections, the firewall
makes an internal map of which internal IP addresses translate to which TCP
source port it's using on the x.x.x.201 IP address - it might map
x.x.x.201:1001 and 1002 to web connections 1 and 2 for 192.168.1.1, then
port 1002 and 1003 for connections from 192.168.1.2 etc.

The webserver at the other end then sends back data to each source port as
appropriate (to the webserver they just look like 10 different connections -
it doesn't care that they're from the same place). The firewall then just
makes sure that the stuff going to the x.x.x.201 address is sent to the
correct internal host, multiplexing on TCP source port.

Easy, right?

Cheers!
--
Ben Nagy
Network Consultant, Volante IT
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
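
Added example, not part of the original message: a minimal Python model of the translation table described in the reply above. The class and method names, the starting port 61000, and the documentation-range addresses 203.0.113.201 (standing in for x.x.x.201) and 198.51.100.80 (the web server) are assumptions; the table is keyed on the remote endpoint as well as the port, and a packet that matches no session is dropped.

```python
from itertools import count


class Masquerader:
    """Toy TCP port-translation (masquerading) table, one entry per session."""

    def __init__(self, external_ip, first_port=61000):
        self.external_ip = external_ip
        self._ports = count(first_port)  # assumed pool of firewall source ports
        self._out = {}  # (int_ip, int_port, dst_ip, dst_port) -> ext_port
        self._in = {}   # (ext_port, dst_ip, dst_port) -> (int_ip, int_port)

    def outbound(self, int_ip, int_port, dst_ip, dst_port):
        """Return the (source IP, source port) the packet carries on the wire."""
        key = (int_ip, int_port, dst_ip, dst_port)
        if key not in self._out:
            ext_port = next(self._ports)
            self._out[key] = ext_port
            self._in[(ext_port, dst_ip, dst_port)] = (int_ip, int_port)
        return self.external_ip, self._out[key]

    def inbound(self, src_ip, src_port, dst_port):
        """Return the internal (IP, port) for a reply, or None to drop it."""
        return self._in.get((dst_port, src_ip, src_port))


def demo():
    # Constructed sample traffic: two internal hosts that happen to pick the
    # same local source port (1025) for a connection to the same web server.
    nat = Masquerader("203.0.113.201")
    web = ("198.51.100.80", 80)
    a = nat.outbound("192.168.1.1", 1025, *web)
    b = nat.outbound("192.168.1.2", 1025, *web)
    return {
        "host1_on_wire": a,
        "host2_on_wire": b,
        # Replies are told apart only by the port the firewall allocated.
        "reply_to_a": nat.inbound(*web, a[1]),
        "reply_to_b": nat.inbound(*web, b[1]),
        # Same firewall port, but from a host no session was opened to.
        "unsolicited": nat.inbound("192.0.2.9", 80, b[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```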