Computer Communication
and
Firewalls

Ways of Looking at Computer Communication

Layers

  1. Application-to-Application - the APPLICATION LAYER
  2. Program-to-program delivery - the TRANSPORT LAYER
  3. Computer-to-computer - the NETWORK LAYER
  4. Hardware-to-hardware - the SUBNET LAYER



Application to Application

Program to Program (alias port to port)

Computer to Computer

Hardware to hardware




IP Address Classes

  A. 0.0.0.0 thru 127.255.255.255 (00 00 00 00 - 7F FF FF FF)
  B. 128.0.0.0 thru 191.255.255.255 (80 00 00 00 - BF FF FF FF)
  C. 192.0.0.0 thru 223.255.255.255 (C0 00 00 00 - DF FF FF FF)
  D. 224.0.0.0 thru 239.255.255.255 (E0 00 00 00 - EF FF FF FF)
  E. 240.0.0.0 thru 255.255.255.255 (F0 00 00 00 - FF FF FF FF)

Special: 127.x.x.x is Loopback. Normally only 127.0.0.1 is used.


Ports




Packets




What's Used for What?

The three types of packet are normally used for the following:




Typical TCP Connection

Three different flags (SYN, ACK and FIN) are used to coordinate TCP/IP communication. Let's assume you click on a link in your web browser. Here's what happens:

  1. The URL is parsed to get a host name, which is translated into an IP address.
  2. The browser is assigned a random unprivileged port for this connection (e.g., 12345).
  3. An HTTP message is constructed by the browser and sent to TCP.
  4. TCP constructs a TCP message and sends it to IP.
  5. IP wraps it in an IP packet header with a SYN (synchronize) flag and sends it to the server IP, port 80.
  6. The server sends a message with the SYN and ACK (acknowledge) flags set back to your IP address, port 12345.
  7. The client (your browser) sends ACK back to the host.
  8. Data starts flowing, with each packet containing an ACK flag, and each acknowledged with an ACK back to the sender.
  9. When transmission is complete, one machine sends ACK-FIN (finish).
  10. The other end sends ACK (to acknowledge receipt) and then its own ACK-FIN.
  11. The original end (the one which initiated the teardown) sends ACK.
  12. Now that the program-to-program communication is over, port 12345 will be unassigned.

The SYN, SYN-ACK, ACK exchange at startup and the ACK-FIN, (ACK, ACK-FIN), ACK exchange at teardown are often referred to as the "three-way handshake" of TCP. Note that after the original SYN that gets things started, every single packet has the ACK flag set.

Typically, a system using TCP/IP (TCP over IP) will wait a reasonable amount of time for the ACK to come back for each packet, and if it does not arrive, the missing-in-action packet is simply re-sent. A packet is never discarded by the sender until its ACK is received. At worst, the recipient might get two copies of the packet, and one is silently discarded.
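The exchange in steps 5 through 11, as an added example that is not part of the original handout: a small model that lists the segments in order (ports 80 and 12345 as in the text; the segment names, the flag sets and the two data round-trips are constructed) and checks the note that every packet after the opening SYN carries ACK, which is also how a packet filter tells a brand-new connection request from the rest of a conversation.

```python
# Constructed model of the TCP exchange described above; not from the handout.
from dataclasses import dataclass

SERVER_PORT = 80        # web server, as in step 5
CLIENT_PORT = 12345     # random unprivileged port, as in step 2


@dataclass(frozen=True)
class Segment:
    src_port: int
    dst_port: int
    flags: frozenset     # subset of {"SYN", "ACK", "FIN"}


def seg(src, dst, *flags):
    return Segment(src, dst, frozenset(flags))


def tcp_conversation(data_segments=2, c=CLIENT_PORT, s=SERVER_PORT):
    """Segments in the order of steps 5-11; client opens and client tears down."""
    trace = [seg(c, s, "SYN"),            # step 5: open request (SYN only)
             seg(s, c, "SYN", "ACK"),     # step 6: SYN-ACK from the server
             seg(c, s, "ACK")]            # step 7: connection established
    for _ in range(data_segments):        # step 8: data, each acknowledged
        trace += [seg(c, s, "ACK"), seg(s, c, "ACK")]
    trace += [seg(c, s, "ACK", "FIN"),    # step 9: client starts teardown
              seg(s, c, "ACK"),           # step 10: server acknowledges ...
              seg(s, c, "ACK", "FIN"),    # ... then sends its own ACK-FIN
              seg(c, s, "ACK")]           # step 11: final ACK
    return trace


def is_open_request(segment):
    """True only for the very first segment of a connection: SYN set, ACK clear."""
    return "SYN" in segment.flags and "ACK" not in segment.flags


def every_later_packet_acks(trace):
    """Checks the note above: after the opening SYN, every packet carries ACK."""
    return is_open_request(trace[0]) and all("ACK" in t.flags for t in trace[1:])


def count_open_requests_to(trace, port):
    """A packet filter spots new connections to a port by looking for bare SYNs."""
    return sum(1 for t in trace if t.dst_port == port and is_open_request(t))


if __name__ == "__main__":
    trace = tcp_conversation()
    for t in trace:
        print(f"{t.src_port:>5} -> {t.dst_port:<5} {' '.join(sorted(t.flags))}")
    print("all later packets carry ACK:", every_later_packet_acks(trace))
```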


Firewall Concepts

Normal firewall activity takes place at the packet level and is therefore called Packet Filtering.




How NAT Works

Network Address Translation, aka Masquerading, is also done at the packet filtering level. This is commonly used when several machines behind a firewall share the same electrical connection to the Internet -- a gateway. It's really a pretty simple scheme: