ALE_CONNECT_REDIRECT_V4 and Incoming connections

  • Question

  • Hi,

    Thank you for your previous help!
    After successfully filtering the outgoing TCP connections, I now need to filter the incoming ones too.

    So, I changed the fieldKey field of FWPM_FILTER_CONDITION from FWPM_CONDITION_IP_REMOTE_PORT to FWPM_CONDITION_IP_LOCAL_PORT:

      filterConditions[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
      filterConditions[0].matchType = FWP_MATCH_EQUAL;
      filterConditions[0].conditionValue.type = FWP_UINT8;
      filterConditions[0].conditionValue.uint8 = IPPROTO_TCP;
    
      filterConditions[1].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
      filterConditions[1].matchType = FWP_MATCH_EQUAL;
      filterConditions[1].conditionValue.type = FWP_RANGE_TYPE;
      filterConditions[1].conditionValue.rangeValue = &range;
    

    but it doesn't seem to be working.
    I tried filtering both "telnet localhost 8500" from localhost and "telnet 192.168.1.10 8500" from a remote host, but the driver doesn't seem to be filtering anything...

    Am I misunderstanding something?

    Thank you,
    Marco

    Wednesday, August 18, 2010 9:45 PM

All replies

  • I removed the PORT condition, leaving only the PROTOCOL one... so I should filter every TCP connection from everyone on every port.
    And now I'm still filtering only the outgoing connections...

    Now I'm pretty sure that I have misunderstood the scope of ALE_CONNECT_REDIRECT layer.
    If I want to redirect incoming connections to another local port, how can I do that with this layer?
    I hope I don't have to handle all the ip packets at a lower level... :(

    Thanks,
    Marco

    Wednesday, August 18, 2010 10:16 PM
  • The REDIRECT layers are for outbound redirection operating on the locally sourced connection. To do the same for inbound packets, you need to follow the Clone / Drop / Inject Model.

    Hope this helps,

    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, August 19, 2010 12:00 AM
    Moderator