Solved: Difference?

ray_stone · ‎05-26-2011

Hello Experts:

Can you please tell me the difference between directional and bi-directional traffic?

Please provide an example, if possible.

varrao · ‎05-26-2011

Hi Ray,

In what particular context are you referring. Normally lets sday you have two interfaces inside and outside and yu can only initiate traffic from inside---->outisde, it is referred to unidirectional, but if you can initiate traffic from outside to inside and connect to internal machines as well, it is called bi-directional. If you can expalin the exact requirement that you have, this explanation might have a difference.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

varrao · ‎05-26-2011

Hi Ray,

In what particular context are you referring. Normally lets sday you have two interfaces inside and outside and yu can only initiate traffic from inside---->outisde, it is referred to unidirectional, but if you can initiate traffic from outside to inside and connect to internal machines as well, it is called bi-directional. If you can expalin the exact requirement that you have, this explanation might have a difference.

Thanks,

Varun

Thanks,
Varun Rao

ray_stone · ‎05-26-2011

Hi Varun,

I was just assuming this in the case of port redirection and wanted to know the meaning of these words in networking terms where i was bit confused. In the similar manner, what about port direction or redirection and how it works.

It works in which scenario, please explain.

varrao · ‎05-26-2011

Hi Ray,

I'll explain you with an example:

Lets say you want users to access a server from outside on port 8080, but want their request to be redirected to an internal machine on port 80.

The public ip of serevr - 1.1.1.1

Private ip - 192.168.1.1

static (inside,outside) tcp 1.1.1.1 8080 192.168.1.1 80

This is port re-direction. You want port 8080 traffic hittiing on 1.1.1.1 to be translated to port 80 on 192.168.1.1

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

varrao · ‎05-26-2011

Moreover it saves you Public IP range as well, because instaed of the complete public IP 1.1.1.1 you are just using port 8080 on 1.1.1.1 You can use the same public ip for other services like port 25,443,110 for different servers. Here is a doc for it:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

Static port forwarding is by directional, which means yu can initiate traffic frrom in--->out and out--->in

Thanks,

Varun

Thanks,
Varun Rao

ray_stone · ‎05-26-2011

Thanks Varun, I really appreciate your response.

That means we can use one public IP with many private IP's in port-redirection mode otherwise only one private IP can be NAT with one private IP if we go for direction mode.

I have another question for you if we do re-direction like a ftp connection of client hitting on firewall 1.1.1.1 tcp/21 port and redirecting to server 2.2.2.2 tcp 2100 port then how it's valuable in the terms of vulnerbilities or any other benifits.

Port redirection uses only to save the public IP or it does something else like I mention in port scanning.

varrao · ‎05-26-2011

Hi Ray,

If you are re-directing tarffic from the original port to another , the users would not e able to know which port are the connecting on the server machine, so it is a security feature in itself. If there is any attack for any standard potrt like 80, your server is saved from it because you the server public ip listens on port 8080 which is non-standard port. Moreover asnother usage would be, if you have multiple servers which needs to be accessed on port 80, then for one server you can use port 80 on the public ip but for others you can use non-standard like 8080 8000 something like that.

I hope I was able to answer your queries.

Thanks,

Varun

Thanks,
Varun Rao