Skip to main content

FTP Fixup Configuration Outbound and Inbound connections

More
17 years 6 months ago #21905 by zillah
When we are talking about PIX's inbound/outbound traffic flows. We mean to say flow of a traffic in relation to the interfaces.

www.ciscopress.com/articles/article.asp?p=24685&rl=1

In the link above he supposed that client will be on our internal LAN and the server on the internet

When a client behind a firewall initiates an FTP connection from their host, it opens a standard TCP channel from one of its high-order ports (TCP source port >1023) to destination TCP port 21 on the outside server.


With the PIX obviously we have got more than one physical interfaces, let assume the one that is connected to the client/s is called : inside , and the one that is connected to the server is called: outside.

If we are talking about the traffic that is initiated from a client (remember client/s on our LAN) going to the server , that traffic is inbound because it is entering the PIX via the the inside PIX's interface, and the same traffic can be called as outbound because it is leaving the PIX via outside interface toward the server.

And in the same way that traffic that initiated from the server toward the client , that traffic is inbound because it is entering the PIX via the the outside PIX's interface, and the same traffic can be called as outbound because it is leaving the PIX's via inside interface toward the client ,,,,,,,.Am I right ?

What is confusing me in the link above is this bold phrase in the quote below :

The server acknowledges the request and initiates an inbound connection from its own port 20 to the high-order port that the client requested.


I do not which terminology he used to call them as inbound or outbound ?
More
17 years 6 months ago #21906 by lomaree
hi,

well before any explaination there are certain thing which needs to be clarified..

when you talk about physical interface "inside" , "outside" you should also take into consideration the security level applied to them because security level has a direct relation with what interface will do and behave like.

in this scenario, e.g. if inside interface has security level higher and outside has lower the rule state the traffic will flow from higher to lower, therefore when the server acknowledges the request to the clients it will be from lower to higher security interface thus it will be inbound connection rather then being outside.

hope this helps.
More
17 years 6 months ago #21911 by zillah

when you talk about physical interface "inside" , "outside" you should also take into consideration the security level applied to them because security level has a direct relation with what interface will do and behave like.

I considered the default one, which inside interface has got higher security than outside interface, and there is no ACL, because if there is ALEs a traffic would not follow by default from high security to low security unless you have used ACLs.

1- Outbound Connections—When the client requests data, the PIX Firewall opens a temporary inbound conduit to allow the data channel from the server. This conduit is torn down immediately after the data is sent.


2- Inbound Connections—If a conduit exists allowing inbound connections to an FTP server, and if all outbound TCP traffic is implicitly allowed, no special handling is required because the server initiates the data channel from the inside.


Could you please comment the bold words and their relation with which interfaces (inside or outside) ? I mean to say which interface does the author of the book take in his consideration when he explained the scenario above ?

I hope you get where is my point , because I am looking for a specific answer. :wink:
More
17 years 6 months ago #21934 by lomaree
hi,

1. outside means traffic will flow from inside interface "higher security level" to outside "lower security level" and in response will recevie traffic from this outside server, this will be known to pix as "inbound". remember for lower security level interface to access anything on the higher security level interface one should explicitly allow it otherwise the connection will drop. this type of connection is achieved through the use of acl inside and acl outside.

2. inbound here means if the acl is already set to allow bi-directional connections to an inside server, in this case FTP then no futher action will be required for this data channel to pass traffic. this type of connection is achieved through the use of static (one-to-one) in contrast with acl outside.

HTH
More
17 years 6 months ago #22131 by zillah
Hi lomaree

This is what I was looking for (I have been advised to the below):

The traffic is inbound or outbound to the LAN -> Internet - if you were configuring ACL's on the PIX then the traffic is inbound or outbound to the interface.


Did you mean to explain same as the quote above ?

Regards
More
17 years 6 months ago #22135 by anti-hack
well in my humble opinion (without discussing the Einstein's Relativity theory);

assuming there are onlt 2 interfaces on the PIX. the traffic that enter the PIX from the inside interface is called OUTBOUND and the traffic that enters the PIX from the outside interface is called INBOUND.

This is as simple as i can put it.

hope it helped.
Time to create page: 0.161 seconds