Keith Winstein <[email protected]> writes:

> Hello Alan,
>
> You're seeing something that happens in both TCP and UDP connections.
> When you run a Web server on port 80 (TCP), clients will connect to
> the server's port 80, from a random unprivileged TCP port of their own
> choosing. So it's typical that you might see a connection from
> 1.2.3.4:47123 to your server (port 80), and another connection from
> 3.4.5.6:19156 to your server (still port 80), etc.
>
> When you tell a firewall to "open up port 80," what you mean is that
> you want clients to be able to connect to the server's port 80 from
> any client port, and that you want the server to be able to reply to
> them at the IP address and port they connected from.
>
> Most firewalls do this in the same way for both TCP and UDP
> connections. (E.g. in Amazon's EC2 firewall, when you open up UDP
> ports 60000-61000, you are allowing clients to send to those server
> ports AND allowing the server to reply from ports 60000-61000 to
> whatever port the client is using.)
>
> If your firewall is behaving differently, this may be a good place to
> focus on. Keep in mind you need to persuade the firewall to allow
> "connections" (in both directions) to the server's port 60000-61000,
> not just allow incoming datagrams destined to those ports.
Thanks for clarifying this, it now makes much more sense. I asked the admins here about it. I guess one issue is that it's the client that is behind the firewall, not the server. (Another issue may be that the server is behind a NAT. I redirected the ports so that incoming packets reach the server, and I hope that the NAT will not modify the source port of a reply when it mentions a redirected port.)

Alan

_______________________________________________
mosh-users mailing list
[email protected]
http://mailman.mit.edu/mailman/listinfo/mosh-users
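The two firewall behaviours discussed in this exchange can be made concrete with a small model. The following is an added illustration, not mosh's code and not any real firewall's implementation: a toy stateful UDP filter that records the flows it has admitted and lets the reply leg through only when it matches a recorded flow. It covers Keith's server-side case (UDP 60000-61000 opened, with and without connection tracking) and Alan's client-side case, including what a stateful firewall in front of the client does if a NAT on the server side rewrites the source port of the reply. All addresses and ports are constructed from the RFC 5737 documentation ranges.

```python
"""Toy model of how a firewall handles an "opened" UDP port range.

Added illustration for the mosh-users thread; not mosh's code and not the
implementation of any real firewall. Addresses are constructed examples.
"""
from dataclasses import dataclass
from typing import Iterable, Set, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class Datagram:
    src: Endpoint
    dst: Endpoint


class UdpFirewall:
    """Filter between an 'inside' network and the 'outside'.

    open_ports:         inside UDP ports that outside hosts may send to.
    allow_new_outbound: whether inside hosts may start new flows outward.
    track_state:        whether the reply leg of an admitted flow is matched
                        by connection tracking (the behaviour Keith describes).
    """

    def __init__(self, open_ports: Iterable[int], allow_new_outbound: bool = True,
                 track_state: bool = True) -> None:
        self.open_ports = set(open_ports)
        self.allow_new_outbound = allow_new_outbound
        self.track_state = track_state
        # Admitted flows, keyed as (outside endpoint, inside endpoint).
        self.flows: Set[Tuple[Endpoint, Endpoint]] = set()

    def from_outside(self, d: Datagram) -> bool:
        """Decide on a datagram arriving from outside, addressed to inside."""
        key = (d.src, d.dst)
        if self.track_state and key in self.flows:
            return True  # reply to a flow the inside host started
        if d.dst[1] in self.open_ports:
            self.flows.add(key)  # new inbound flow to an open port
            return True
        return False

    def from_inside(self, d: Datagram) -> bool:
        """Decide on a datagram leaving inside, addressed to outside."""
        key = (d.dst, d.src)
        if self.track_state and key in self.flows:
            return True  # reply leg of an admitted inbound flow
        if self.allow_new_outbound:
            self.flows.add(key)  # inside host starts a new flow
            return True
        return False


# Constructed endpoints (RFC 5737 documentation addresses).
SERVER = ("203.0.113.10", 60001)   # mosh-server listening in the open range
CLIENT = ("198.51.100.7", 47123)   # client using a random unprivileged port
MOSH_PORTS = range(60000, 61001)   # the "UDP 60000-61000" rule from the thread


def server_side_stateful() -> dict:
    """Firewall in front of the server with UDP 60000-61000 opened and
    connection tracking on: the client's datagram and the server's reply
    both pass; other ports and unsolicited outbound traffic do not."""
    fw = UdpFirewall(MOSH_PORTS, allow_new_outbound=False)
    return {
        "client_to_60001": fw.from_outside(Datagram(CLIENT, SERVER)),
        "reply_from_60001": fw.from_inside(Datagram(SERVER, CLIENT)),
        "client_to_closed_port": fw.from_outside(Datagram(CLIENT, (SERVER[0], 5060))),
        "unsolicited_from_60001": fw.from_inside(Datagram(SERVER, ("192.0.2.99", 9999))),
    }


def server_side_stateless() -> dict:
    """Same rule but only 'allow incoming datagrams to 60000-61000', with no
    tracking of the reply leg: the client's datagram arrives, the server's
    reply is dropped. This is the failure Keith's last paragraph warns about."""
    fw = UdpFirewall(MOSH_PORTS, allow_new_outbound=False, track_state=False)
    return {
        "client_to_60001": fw.from_outside(Datagram(CLIENT, SERVER)),
        "reply_from_60001": fw.from_inside(Datagram(SERVER, CLIENT)),
    }


def client_side_with_nat() -> dict:
    """Firewall in front of the client (Alan's situation): nothing open
    inbound, outbound allowed, replies matched by state. A reply whose source
    port was rewritten by a NAT no longer matches the flow and is dropped."""
    fw = UdpFirewall(open_ports=())
    rewritten_src = (SERVER[0], 60002)  # constructed: NAT changed 60001 -> 60002
    return {
        "client_starts_flow": fw.from_inside(Datagram(CLIENT, SERVER)),
        "reply_same_port": fw.from_outside(Datagram(SERVER, CLIENT)),
        "reply_port_rewritten_by_nat": fw.from_outside(Datagram(rewritten_src, CLIENT)),
    }


if __name__ == "__main__":
    for scenario in (server_side_stateful, server_side_stateless, client_side_with_nat):
        print(scenario.__name__, scenario())
```

The model makes the practical check explicit: opening the range is not enough unless the reply from the server's port in that range, back to whatever address and port the client used, is also admitted, and on the client side a stateful firewall will only admit that reply if it arrives from exactly the address and port the client sent to.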
