Jabber and SSL won't work behind WinRoute (NAT)

[ Views: 2866 | Replies: 4 ]
boki (Boris Prpic, CTO, CodeZen, Cityexpert, Beograd)
SuperModerator, Member no.: 2681, Posts: 2442
Jabber: boki@elitesecurity.org, ICQ: 195245022, Site: www.goglasi.com

Jabber and SSL won't work behind WinRoute (NAT), 06.03.2005 at 16:01
So, I have 3 machines on the LAN that go out to Verat ADSL (public IP) through a server (WS03) running WinRoute 6.0.9. On the LAN machines all services work (HTTP, Kazaa, Shareaza, DC++, FTP, IRC) except SSL and Jabber. When I try to open an https page it stays at "transferring data..." and when I try to connect to Jabber with PSI (I also tried JAJC) it stops here:

Quote:

<?xml version="1.0"?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="elitesecurity.org" >

<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' id='422B27D7' xmlns='jabber:client' from='elitesecurity.org'>

<iq type="get" id="auth_1" to="elitesecurity.org" >
<query xmlns="jabber:iq:auth">
<username>XXXX</username>
</query>
</iq>

<iq type="result" id="auth_1" >
<query xmlns="jabber:iq:auth">
<username>XXXX</username>
<password/>
<digest/>
<sequence>XXXX</sequence>
<token>XXXX</token>
<resource/>
</query>
</iq>

<iq type="set" id="auth_2" to="elitesecurity.org" >
<query xmlns="jabber:iq:auth">
<username>XXXX</username>
<digest>XXXX</digest>
<resource>Psi gajba</resource>
</query>
</iq>

<iq type="result" id="auth_2" />

<iq type="get" id="aab1a" >
<query xmlns="jabber:iq:roster"/>
</iq>


I simply can't get my head around what the problem is with these 2 services, which otherwise work fine behind NAT....

Here is the Traffic Policy from WinRoute:

Attached files

broker
Member no.: 2415, Posts: 8514

Re: Jabber and SSL won't work behind WinRoute (NAT), 06.03.2005 at 23:42
The ICMP rule is definitely not right. That way you're blocking NAT.

ICMP traffic on the local network is already regulated by a rule, and if you want ICMP outbound and inbound then create such rules.

I don't know whether that is what's interfering with these two protocols, but try disabling that rule.

Also, check the LOGS/Filter report. There you'll see all connections, so you'll notice if some rule is killing a connection.

boki (Boris Prpic)

Re: Jabber and SSL won't work behind WinRoute (NAT), 07.03.2005 at 17:11
I don't see why that rule isn't OK, but here, I set ICMP to Source: firewall, VeratPPPoE; Dest: firewall, VeratPPPoE and it doesn't change anything. I also tried disabling the rule and everything is the same... there's nothing in the logs...

I've now created a rule Source: any, Dest: any, Service: TCP 5222, enabled logging, and got this in the filter:
Quote:

[07/Mar/2005 18:09:05] PERMIT "New rule" packet from LAN, proto:TCP, len:48, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: SYN , seq:2272972150 ack:0, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:48, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: SYN , seq:2272972150 ack:0, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:48, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: SYN ACK , seq:1713035112 ack:2272972151, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to LAN, proto:TCP, len:48, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: SYN ACK , seq:1713035112 ack:2272972151, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from LAN, proto:TCP, len:40, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK , seq:2272972151 ack:1713035113, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:40, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK , seq:2272972151 ack:1713035113, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from LAN, proto:TCP, len:172, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972151 ack:1713035113, win:65535, tcplen:132
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:172, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972151 ack:1713035113, win:65535, tcplen:132
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK , seq:1713035113 ack:2272972283, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to LAN, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK , seq:1713035113 ack:2272972283, win:65535, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:185, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK PSH , seq:1713035113 ack:2272972283, win:65535, tcplen:145
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:185, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713035113 ack:2272972283, win:65535, tcplen:145
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:164, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972283 ack:1713035258, win:65390, tcplen:124
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:164, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972283 ack:1713035258, win:65390, tcplen:124
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK , seq:1713035258 ack:2272972407, win:65535, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK , seq:1713035258 ack:2272972407, win:65535, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:220, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK PSH , seq:1713035258 ack:2272972407, win:65535, tcplen:180
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:220, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713035258 ack:2272972407, win:65535, tcplen:180
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:252, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972407 ack:1713035438, win:65210, tcplen:212
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:252, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972407 ack:1713035438, win:65210, tcplen:212
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK , seq:1713035438 ack:2272972619, win:65535, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK , seq:1713035438 ack:2272972619, win:65535, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:71, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK PSH , seq:1713035438 ack:2272972619, win:65535, tcplen:31
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:71, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713035438 ack:2272972619, win:65535, tcplen:31
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:108, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972619 ack:1713035469, win:65179, tcplen:68
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:108, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972619 ack:1713035469, win:65179, tcplen:68
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:883, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK PSH , seq:1713039849 ack:2272972687, win:65535, tcplen:843
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:883, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713039849 ack:2272972687, win:65535, tcplen:843
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:52, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK , seq:2272972687 ack:1713035469, win:65179, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:52, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK , seq:2272972687 ack:1713035469, win:65179, tcplen:0


So the packets should be getting through, but Jabber doesn't work :( I'm completely losing it...

boki (Boris Prpic)

Re: Jabber and SSL won't work behind WinRoute (NAT), 20.03.2005 at 21:34
From what I've found out so far, there's a chance the problem is that PPPoE has a smaller MTU than Ethernet (1492 vs 1500) and that some packets apparently can't be fragmented properly because of that, or who knows what....

boki (Boris Prpic)

Re: Jabber and SSL won't work behind WinRoute (NAT), 20.03.2005 at 23:10
Yes, it works!!! The reason was the MTU!

Here's what I did

On the server:
HKLM\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters\Protocols\0
ProtocolMTU="1400"

On the clients behind NAT:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{hex}
MTU="1400"

I'll see about experimenting with it a bit more...
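The filter log quoted in the third post and the MTU conclusion reached in the last post fit together, and the link between them can be checked mechanically rather than by staring at the lines. The following Python script is an added example, not code from the thread or from WinRoute: it embeds the LAN-side ("from LAN" / "to LAN") lines quoted above as constructed sample input, parses them with a regex written for this log format, tracks the TCP sequence number per direction, and reports any stretch of bytes that the peer acknowledged but that never appeared on the LAN interface. The 1460-byte MSS (1500-byte Ethernet MTU minus 40 bytes of headers), the 1492-byte PPPoE MTU and the way the gap is interpreted are assumptions stated in the code.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the LAN-side lines of the WinRoute Filter log quoted
# in the thread (the matching "to/from VeratPPPoE" lines are the same packets seen
# before/after NAT and are omitted, as are two payload-less ACKs).
SAMPLE_LOG = """\
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from LAN, proto:TCP, len:48, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: SYN , seq:2272972150 ack:0, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to LAN, proto:TCP, len:48, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: SYN ACK , seq:1713035112 ack:2272972151, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from LAN, proto:TCP, len:172, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972151 ack:1713035113, win:65535, tcplen:132
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:185, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713035113 ack:2272972283, win:65535, tcplen:145
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:164, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972283 ack:1713035258, win:65390, tcplen:124
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:220, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713035258 ack:2272972407, win:65535, tcplen:180
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:252, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972407 ack:1713035438, win:65210, tcplen:212
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:71, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713035438 ack:2272972619, win:65535, tcplen:31
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:108, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972619 ack:1713035469, win:65179, tcplen:68
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:883, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713039849 ack:2272972687, win:65535, tcplen:843
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:52, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK , seq:2272972687 ack:1713035469, win:65179, tcplen:0
"""

# Regex for the WinRoute Filter log line layout as it appears in the quoted lines.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] (?P<action>\w+) "(?P<rule>[^"]*)" packet '
    r'(?P<dir>from|to) (?P<iface>\w+), proto:(?P<proto>\w+), len:(?P<len>\d+), '
    r'ip/port:(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+), '
    r'flags: (?P<flags>[A-Z ]*) , seq:(?P<seq>\d+) ack:(?P<ack>\d+), '
    r'win:(?P<win>\d+), tcplen:(?P<tcplen>\d+)$'
)

ETHERNET_MTU = 1500
PPPOE_MTU = 1492                 # assumed, the value given in the thread
IP_TCP_HEADERS = 40              # minimal IPv4 + TCP headers without options
DEFAULT_MSS = ETHERNET_MTU - IP_TCP_HEADERS   # 1460: payload of a full Ethernet-sized segment


@dataclass
class SeqGap:
    timestamp: str
    direction: str
    expected_seq: int      # next byte the receiver should have seen
    observed_seq: int      # byte the next packet actually started at
    missing_bytes: int
    full_segments: int     # how many MSS-sized segments would fill the gap
    remainder: int


def parse_lan_side(log_text: str) -> list[dict]:
    """One record per TCP packet as seen on the LAN interface (pre/post-NAT duplicates dropped)."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m['proto'] != 'TCP':
            continue
        direction = f"{m['dir']} {m['iface']}"
        if direction not in ('from LAN', 'to LAN'):
            continue
        records.append({'ts': m['ts'], 'direction': direction, 'len': int(m['len']),
                        'seq': int(m['seq']), 'ack': int(m['ack']),
                        'tcplen': int(m['tcplen']), 'flags': m['flags'].split()})
    return records


def find_sequence_gaps(log_text: str, mss: int = DEFAULT_MSS) -> list[SeqGap]:
    """Report every jump in sequence numbers: bytes sent by the peer that never arrived."""
    expected: dict[str, int] = {}
    gaps: list[SeqGap] = []
    for r in parse_lan_side(log_text):
        d = r['direction']
        if d in expected and r['seq'] > expected[d]:
            missing = r['seq'] - expected[d]
            gaps.append(SeqGap(r['ts'], d, expected[d], r['seq'], missing,
                               missing // mss, missing % mss))
        # SYN and FIN each consume one sequence number in addition to the payload.
        nxt = r['seq'] + r['tcplen'] + ('SYN' in r['flags']) + ('FIN' in r['flags'])
        if nxt > expected.get(d, 0):
            expected[d] = nxt
    return gaps


def largest_packet(log_text: str) -> dict[str, int]:
    """Biggest IP packet that actually made it through, per direction."""
    biggest: dict[str, int] = {}
    for r in parse_lan_side(log_text):
        biggest[r['direction']] = max(biggest.get(r['direction'], 0), r['len'])
    return biggest


def repeated_acks(log_text: str) -> dict[str, int]:
    """Count payload-less ACKs that repeat the previous ack number: the receiver is
    signalling that something before that point is still missing."""
    last_ack: dict[str, int] = {}
    dups: dict[str, int] = {}
    for r in parse_lan_side(log_text):
        d = r['direction']
        if r['tcplen'] == 0 and 'SYN' not in r['flags'] and last_ack.get(d) == r['ack']:
            dups[d] = dups.get(d, 0) + 1
        last_ack[d] = r['ack']
    return dups


if __name__ == '__main__':
    for g in find_sequence_gaps(SAMPLE_LOG):
        print(f"{g.timestamp} {g.direction}: {g.missing_bytes} bytes never seen on the LAN "
              f"(expected seq {g.expected_seq}, got {g.observed_seq}) = "
              f"{g.full_segments} x {DEFAULT_MSS}-byte segments + {g.remainder}")
    print("largest packet per direction:", largest_packet(SAMPLE_LOG),
          "(PPPoE MTU is", PPPOE_MTU, "bytes)")
    print("repeated ACKs per direction:", repeated_acks(SAMPLE_LOG))
```

Run against the quoted lines, the script finds exactly one gap, in the server-to-LAN direction: after the 31-byte stanza ending at seq 1713035469 the next packet that reaches the LAN starts at 1713039849, so 4380 bytes are missing, which is exactly three 1460-byte segments (1500 bytes on the wire, too big for a 1492-byte PPPoE link). Every packet that did arrive is at most 883 bytes, and the client's last ACK repeats ack:1713035469, a duplicate ACK asking for the missing data. A seq gap made of whole full-size segments with nothing logged as dropped by the filter is the signature of oversized packets dying on the link, not of a rule killing the connection, which is why lowering the MTU on both sides was the fix.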