[nos-bbs] UDP Port Unreachable - problem found

[Maiko Langelaar]

Michael,

> I found the problem with the UDP port 93 unreachable message:  JNOS is
> (incorrectly) requiring the source port to also be 93 in AXUDP connections.

Wonder what other sysops have to say about that. I'd like to hear some
opinions on this. I don't know where it says anywhere that using UDP port
93 is wrong. If I had more details on this (which are lacking) and I knew
exactly how your system is configured, I can probably give you a better
answer. But saying that JNOS is the problem because it incorrectly 
requires a port to be 93 is stretching it. See my last paragraph.

That's just the way it is, I don't recall off the top of my head why,
but I'm out of town right now and don't have time to look at it or even
debate it. It's never been a problem in the almost 9 years it's been
configured that way, and I'm not changing it.

> When I connect outbound from my JNOS system, through my firewall, the
> firewall is changing the source port when it performs the outbound NAT.

Never had that problem with my router. Mind you it's a basic router.

> But when JNOS receives an AXUDP packet, apparently it doesn?t behave like a
> normal UDP application.  JNOS apparently rejects the connection if the

Sounds like you're getting to know the internals of JNOS pretty good :)

> It seems the following is needed:  Remove the source port restriction for
> AXUDP.  JNOS should not care what the source port is.  And, just like any
> other UDP app, when responding it should use whatever source port was
> specified as the destination port when it constructs the return packet.

Well, you see, this is where it gets interesting. If you actually read the
documentation under the axudp section, you will note there is a provision
to change both source and destination ports of AXUDP interfaces.

Maiko