Koozali.org: home of the SME Server

Proxy uses random ports

Offline habbo

Proxy uses random ports
« on: July 13, 2008, 04:42:03 PM »
I have an SME 7.3 box serving as a proxy and DNS server for my local network. The SME and clients are sitting behind a firewall. The SME is in server-only mode and only acts as a proxy/dns/web/samba server for my local network. DHCP is handled by my firewall.

It's set up like this:
Code:
          WAN
           |
         modem
           |
        firewall
           |
         switch
        /      \
      SME    Clients

But I have one problem: The SME is using random ports for proxy http(s) and dns traffic. An example of what's in my log:
Quote
source: 192.168.2.2, port 34034 destination: 208.67.219.101, port 80

The source port could be anything, from 34000 to 34999, but I've seen other ports also. DNS is the same, but the ports are even more unpredictable. Ports vary from 2000 to 50000, and I wonder why. Can I change this behaviour? In my mind opening up an enormous amount of ports in my firewall is just as safe as having no firewall at all. Or am I missing something here?

Offline arne

Re: Proxy uses random ports
« Reply #1 on: July 13, 2008, 05:47:08 PM »
I think this is quite normal behaviour for most proxies. If the gateway is a static firewall / router it would / might be necessary to open "an enormous amount of ports". This also used to be the situation before the introduction of the "stateful inspection firewall".

The basic design principle of the stateful firewall is that it automatically will make a list of all return ports that should be opened to receive the return traffic. In this way the stateful inspection firewall will open dynamically for return ports as required.

Most firewalls today, and the SME server if used in gateway mode, work according to the stateful or dynamic firewall principle, so that the things about the return traffic you have observed are no longer a problem. (But it used to be some years ago.)
......

Offline habbo

Re: Proxy uses random ports
« Reply #2 on: July 13, 2008, 06:58:02 PM »
OK, I see I have some reading to do..

But the DNS daemon also uses "random" ports, these ports vary even more. Is that also normal?

For example:
source: 192.168.2.2, port 55000 destination: 123.123.123.123, port 53

Offline arne

Re: Proxy uses random ports
« Reply #3 on: July 14, 2008, 01:03:40 PM »
As far as I know this is also just like normal. One difference: DNS requests will normally use UDP and not TCP, for ordinary dns requests. (And also TCP for other "special purposes".)
......

Offline habbo

Re: Proxy uses random ports
« Reply #4 on: July 14, 2008, 07:45:32 PM »
DNS uses UDP ports, which I forgot to add to the sample log.

Thank you for your time and explanations, I was a bit worried about the amount of ports used but you took my worries away :). Since I have no experience with proxies I thought it should use only a few ports..

Offline CharlieBrady

Re: Proxy uses random ports
« Reply #5 on: July 14, 2008, 07:57:37 PM »
Quote
DNS is the same, but the ports are even more unpredictable. Ports vary from 2000 to 50000, and I wonder why.

https://www.kb.cert.org/CERT_WEB%5Cservices%5Cvul-notes.nsf/id/800113
http://news.cnet.com/8301-10789_3-9985815-57.html?hhTest=1

Quote
Can I change this behaviour?

No, and you'd be crazy to do that even if you could.
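A small defender-side check that follows from the thread: parse log lines in the format habbo quoted and confirm that the resolver's UDP/53 source ports are widely spread, which is the behaviour CharlieBrady's links say you want to keep. This is an added example, not code from the thread or from SME Server; the log lines are constructed, the optional "tcp"/"udp" prefix is an assumption of the example, and the span threshold is an illustrative heuristic rather than a real audit.

```python
"""Parse firewall log lines in the thread's format and check whether the
proxy and resolver source ports are spread out.  Constructed sample data."""
import re
from collections import defaultdict

# Thread's log format; the optional tcp/udp prefix is an assumption of this example.
LINE_RE = re.compile(
    r"(?:(?P<proto>tcp|udp)\s+)?source:\s*(?P<src>[\d.]+),\s*port\s*(?P<sport>\d+)"
    r"\s+destination:\s*(?P<dst>[\d.]+),\s*port\s*(?P<dport>\d+)"
)

# Constructed sample: proxy traffic to 80/443 plus four UDP DNS queries.
SAMPLE_LOG = [
    "source: 192.168.2.2, port 34034 destination: 208.67.219.101, port 80",
    "source: 192.168.2.2, port 34035 destination: 208.67.219.101, port 80",
    "source: 192.168.2.2, port 34210 destination: 208.67.219.101, port 443",
    "udp source: 192.168.2.2, port 55000 destination: 123.123.123.123, port 53",
    "udp source: 192.168.2.2, port 2048 destination: 123.123.123.123, port 53",
    "udp source: 192.168.2.2, port 41877 destination: 123.123.123.123, port 53",
    "udp source: 192.168.2.2, port 17302 destination: 123.123.123.123, port 53",
]
# Constructed sample of a resolver handing out sequential source ports (the weak pattern).
SEQUENTIAL_DNS_LOG = [
    f"udp source: 192.168.2.2, port {p} destination: 123.123.123.123, port 53"
    for p in range(1025, 1029)
]

def parse(lines):
    """Return (proto, src, sport, dst, dport) tuples; unparseable lines are skipped."""
    out = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            out.append((m.group("proto") or "tcp", m.group("src"), int(m.group("sport")),
                        m.group("dst"), int(m.group("dport"))))
    return out

def source_ports_by_service(records):
    """Map each destination port to the sorted source ports seen towards it."""
    ports = defaultdict(set)
    for _proto, _src, sport, _dst, dport in records:
        ports[dport].add(sport)
    return {dport: sorted(s) for dport, s in ports.items()}

def assess_dns_randomisation(lines, min_span=10000):
    """Crude check on port-53 source ports: many distinct ports over a wide span is
    the expected randomised behaviour; a narrow sequential band is not."""
    dns = source_ports_by_service(parse(lines)).get(53, [])
    span = dns[-1] - dns[0] if len(dns) > 1 else 0
    return {"distinct": len(dns), "span": span, "randomised": span >= min_span}
```

Run it against a real export of the firewall log with many more lines than shown here; a resolver whose port-53 traffic stays in a narrow band is what the CERT note above describes, and the fix is to update the resolver, not to pin its ports.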