CMPSC 443 - Solution for In-class Exercise (05/04/09)

SYN - connection start
ONG - part of ongoing connection (not needed)

Firewall 1:

SRC IP        SRC PT  DST IP        DST PT  PROT  FLAG  ACCEPT/DENY
192.169.*     *       192.168.17.2  80      TCP   SYN   Accept (1)
192.169.*     *       192.168.17.2  80      TCP   ONG   Accept (1)
192.168.17.2  80      192.169.*     *       TCP         Accept (1)
192.169.*     *       192.168.17.1  993     TCP   SYN   Accept (2)
192.169.*     *       192.168.17.1  993     TCP   ONG   Accept (2)
192.168.17.1  993     192.169.*     *       TCP         Accept (2)
192.168.14.*  *       192.169.0.1   66      TCP   SYN   ACCEPT (3)
192.168.14.*  *       192.169.0.1   66      TCP   ONG   ACCEPT (3)
192.169.0.1   66      192.168.14.*  *       TCP         ACCEPT (3)
192.168.15.*  *       192.169.0.1   66      TCP   SYN   ACCEPT (3)
192.168.15.*  *       192.169.0.1   66      TCP   ONG   ACCEPT (3)
192.169.0.1   66      192.168.15.*  *       TCP         ACCEPT (3)
192.168.16.*  *       192.169.0.1   66      TCP   SYN   ACCEPT (3)
192.168.16.*  *       192.169.0.1   66      TCP   ONG   ACCEPT (3)
192.169.0.1   66      192.168.16.*  *       TCP         ACCEPT (3)
192.168.14.*  *       192.169.*     22      TCP   SYN   ACCEPT (6)
192.168.14.*  *       192.169.*     22      TCP   ONG   ACCEPT (6)
192.169.*     22      192.168.14.*  *       TCP         ACCEPT (6)

Firewall 2:

*             *       192.168.17.2  80      TCP   SYN   ACCEPT (1)
*             *       192.168.17.2  80      TCP   ONG   ACCEPT (1)
192.168.17.2  80      *             *       TCP         ACCEPT (1)
192.168.14.*  *       192.168.17.1  993     TCP   SYN   ACCEPT (2)
192.168.14.*  *       192.168.17.1  993     TCP   ONG   ACCEPT (2)
192.168.17.1  993     192.168.14.*  *       TCP         ACCEPT (2)
192.168.15.*  *       192.168.17.1  993     TCP   SYN   ACCEPT (2)
192.168.15.*  *       192.168.17.1  993     TCP   ONG   ACCEPT (2)
192.168.17.1  993     192.168.15.*  *       TCP         ACCEPT (2)
192.168.16.*  *       192.168.17.1  993     TCP   SYN   ACCEPT (2)
192.168.16.*  *       192.168.17.1  993     TCP   ONG   ACCEPT (2)
192.168.17.1  993     192.168.16.*  *       TCP         ACCEPT (2)
192.169.*     *       192.168.17.1  993     TCP   SYN   ACCEPT (2)
192.169.*     *       192.168.17.1  993     TCP   ONG   ACCEPT (2)
192.168.17.1  993     192.169.*     *       TCP         ACCEPT (2)
192.168.14.*  *       192.169.0.1   66      TCP   SYN   ACCEPT (3)
192.168.14.*  *       192.169.0.1   66      TCP   ONG   ACCEPT (3)
192.169.0.1   66      192.168.14.*  *       TCP         ACCEPT (3)
192.168.15.*  *       192.169.0.1   66      TCP   SYN   ACCEPT (3)
192.168.15.*  *       192.169.0.1   66      TCP   ONG   ACCEPT (3)
192.169.0.1   66      192.168.15.*  *       TCP         ACCEPT (3)
192.168.16.*  *       192.169.0.1   66      TCP   SYN   ACCEPT (3)
192.168.16.*  *       192.169.0.1   66      TCP   ONG   ACCEPT (3)
192.169.0.1   66      192.168.16.*  *       TCP         ACCEPT (3)
192.168.14.*  *       192.169.*     22      TCP   SYN   ACCEPT (6)
192.168.14.*  *       192.169.*     22      TCP   ONG   ACCEPT (6)
192.169.*     22      192.168.14.*  *       TCP         ACCEPT (6)

Firewall 3:

SRC IP        SRC PT  DST IP        DST PT  PROT  FLAG  ACCEPT/DENY
192.168.15.*  *       192.168.17.2  80      TCP   SYN   ACCEPT (1)
192.168.15.*  *       192.168.17.2  80      TCP   ONG   ACCEPT (1)
192.168.17.2  80      192.168.15.*  *       TCP         ACCEPT (1)
192.168.15.*  *       192.168.17.1  993     TCP   SYN   ACCEPT (2)
192.168.15.*  *       192.168.17.1  993     TCP   ONG   ACCEPT (2)
192.168.17.1  993     192.168.15.*  *       TCP         ACCEPT (2)
192.168.15.*  *       192.169.0.1   66      TCP   SYN   ACCEPT (3)
192.168.15.*  *       192.169.0.1   66      TCP   ONG   ACCEPT (3)
192.169.0.1   66      192.168.15.*  *       TCP         ACCEPT (3)
192.168.15.*  *       192.168.14.*  22      TCP   SYN   ACCEPT (4)
192.168.15.*  *       192.168.14.*  22      TCP   ONG   ACCEPT (4)
192.168.14.*  22      192.168.15.*  *       TCP         ACCEPT (4)
192.168.15.*  *       192.168.16.*  22      TCP   SYN   ACCEPT (4)
192.168.15.*  *       192.168.16.*  22      TCP   ONG   ACCEPT (4)
192.168.16.*  22      192.168.15.*  *       TCP         ACCEPT (4)
192.168.16.*  *       192.168.15.*  22      TCP   SYN   ACCEPT (5)
192.168.16.*  *       192.168.15.*  22      TCP   ONG   ACCEPT (5)
192.168.15.*  22      192.168.16.*  *       TCP         ACCEPT (5)

Firewall 4:

SRC IP        SRC PT  DST IP        DST PT  PROT  FLAG  ACCEPT/DENY
192.168.16.*  *       192.168.17.2  80      TCP   SYN   ACCEPT (1)
192.168.16.*  *       192.168.17.2  80      TCP   ONG   ACCEPT (1)
192.168.17.2  80      192.168.15.*  *       TCP         ACCEPT (1)
192.168.16.*  *       192.168.17.1  993     TCP   SYN   ACCEPT (2)
192.168.16.*  *       192.168.17.1  993     TCP   ONG   ACCEPT (2)
192.168.17.1  993     192.168.15.*  *       TCP         ACCEPT (2)
192.168.16.*  *       192.169.0.1   66      TCP   SYN   ACCEPT (3)
192.168.16.*  *       192.169.0.1   66      TCP   ONG   ACCEPT (3)
192.169.0.1   66      192.168.16.*  *       TCP         ACCEPT (3)
192.168.15.*  *       192.168.16.*  22      TCP   SYN   ACCEPT (4)
192.168.15.*  *       192.168.16.*  22      TCP   ONG   ACCEPT (4)
192.168.16.*  22      192.168.15.*  *       TCP         ACCEPT (4)
192.168.16.*  *       192.168.14.*  22      TCP   SYN   ACCEPT (5)
192.168.16.*  *       192.168.14.*  22      TCP   ONG   ACCEPT (5)
192.168.14.*  22      192.168.16.*  *       TCP         ACCEPT (5)
192.168.16.*  *       192.168.15.*  22      TCP   SYN   ACCEPT (5)
192.168.16.*  *       192.168.15.*  22      TCP   ONG   ACCEPT (5)
192.168.15.*  22      192.168.16.*  *       TCP         ACCEPT (5)

Firewall 5:

SRC IP        SRC PT  DST IP        DST PT  PROT  FLAG  ACCEPT/DENY
192.168.14.*  *       192.168.17.2  80      TCP   SYN   ACCEPT (1)
192.168.14.*  *       192.168.17.2  80      TCP   ONG   ACCEPT (1)
192.168.17.2  80      192.168.15.*  *       TCP         ACCEPT (1)
192.168.14.*  *       192.168.17.1  993     TCP   SYN   ACCEPT (2)
192.168.14.*  *       192.168.17.1  993     TCP   ONG   ACCEPT (2)
192.168.17.1  993     192.168.15.*  *       TCP         ACCEPT (2)
192.168.14.*  *       192.169.0.1   66      TCP   SYN   ACCEPT (3)
192.168.14.*  *       192.169.0.1   66      TCP   ONG   ACCEPT (3)
192.169.0.1   66      192.168.13.*  *       TCP         ACCEPT (3)
192.168.15.*  *       192.168.14.*  22      TCP   SYN   ACCEPT (4)
192.168.15.*  *       192.168.14.*  22      TCP   ONG   ACCEPT (4)
192.168.14.*  22      192.168.15.*  *       TCP         ACCEPT (4)
192.168.16.*  *       192.168.16.*  22      TCP   SYN   ACCEPT (5)
192.168.16.*  *       192.168.16.*  22      TCP   ONG   ACCEPT (5)
192.168.14.*  22      192.168.15.*  *       TCP         ACCEPT (5)
192.168.14.*  *       192.169.*     22      TCP   SYN   ACCEPT (6)
192.168.14.*  *       192.169.*     22      TCP   ONG   ACCEPT (6)
192.169.*     22      192.168.14.*  *       TCP         ACCEPT (6)
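
The Firewall 3 rows above, evaluated as a stateless packet filter (an added example, not part of the original solution sheet). It assumes first-match evaluation, DENY when no row matches, and that a blank FLAG matches any flag; `parse_rules` and `decide` are hypothetical names and the packets in the usage line are constructed.

```python
from fnmatch import fnmatchcase

# Firewall 3 rows as listed on this page, policy numbers dropped.
FIREWALL_3 = """
192.168.15.* * 192.168.17.2 80 TCP SYN ACCEPT
192.168.15.* * 192.168.17.2 80 TCP ONG ACCEPT
192.168.17.2 80 192.168.15.* * TCP ACCEPT
192.168.15.* * 192.168.17.1 993 TCP SYN ACCEPT
192.168.15.* * 192.168.17.1 993 TCP ONG ACCEPT
192.168.17.1 993 192.168.15.* * TCP ACCEPT
192.168.15.* * 192.169.0.1 66 TCP SYN ACCEPT
192.168.15.* * 192.169.0.1 66 TCP ONG ACCEPT
192.169.0.1 66 192.168.15.* * TCP ACCEPT
192.168.15.* * 192.168.14.* 22 TCP SYN ACCEPT
192.168.15.* * 192.168.14.* 22 TCP ONG ACCEPT
192.168.14.* 22 192.168.15.* * TCP ACCEPT
192.168.15.* * 192.168.16.* 22 TCP SYN ACCEPT
192.168.15.* * 192.168.16.* 22 TCP ONG ACCEPT
192.168.16.* 22 192.168.15.* * TCP ACCEPT
192.168.16.* * 192.168.15.* 22 TCP SYN ACCEPT
192.168.16.* * 192.168.15.* 22 TCP ONG ACCEPT
192.168.15.* 22 192.168.16.* * TCP ACCEPT
"""

def parse_rules(text):
    """One 7-tuple per row; a 6-field row has a blank FLAG, stored as '*'."""
    rules = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) == 6:        # return-traffic row: FLAG column is empty
            fields.insert(5, "*")   # assumption: blank FLAG matches any flag
        rules.append(tuple(fields))
    return rules

def decide(rules, src, sport, dst, dport, prot, flag):
    """First matching row wins; no match falls through to DENY (assumed default)."""
    packet = (src, str(sport), dst, str(dport), prot, flag)
    for rule in rules:
        if all(fnmatchcase(value, pat) for value, pat in zip(packet, rule[:6])):
            return rule[6].upper()
    return "DENY"

RULES = parse_rules(FIREWALL_3)

if __name__ == "__main__":
    print(decide(RULES, "192.168.14.9", 40000, "192.168.15.7", 22, "TCP", "SYN"))
```

Under the blank-FLAG assumption the return rows also match a SYN sent from the server's port, which is why a stateless rule set normally restricts return traffic to ongoing-connection packets.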