Re: TAL-IPC protocol with pf
On Wed, 01 Sep 2004 10:49:48 -0400, you wrote:
>Hello Group,
>Boy have I got one for you! So my broker dealer upgrades his software
>that he uses to get pricing and he can't get any information. I'm on
>the phone with their tech support and she says that I need to allow port
>1838 outbound on my firewall. Fair enough, I try that and things still
>don't work. So I verify with the tech support rep that it runs over
>tcp... **BIG PAUSE** she replies, well actually it works over TAL-IPC
>which is a proprietary protocol that we've developed. Oh... ok... so
>tcp wasn't good enough for you? Anyway, the problem as it stands is
>that I still need to make this work. I'm running OpenBSD 3.5 and here
>is a snippet of my ruleset.
>
>outgoing = "{ 20, 21, 22, 25, 80, 110, 443, 10000, 21001, 22001, 1838 }"
>
>pass in quick on $external inet proto tcp from any to any port $outgoing \
> flags S/SA keep state
>pass out quick on $external inet proto tcp from any to any port $outgoing \
> flags S/SA keep state
>
>pass out quick on $external inet proto udp all keep state
>pass out quick on $external inet proto icmp from any to any keep state
>
>Thanks for any help,
>Brandon
Hey Brandon,
I noticed something in your ruleset versus the "firewall" webpage you
posted later. The page reads:
"In order for RealTick® to properly connect through a Fire Wall, Ports
1723 - 1743 need to be opened. In some cases, port 1723 is reserved for
PPTP, so an additional port, 1838, will need to be opened"
But it seems your ruleset is missing the 1722><1744 range in your
outgoing ports. The fact they are mentioning port numbers in their
firewall configuration page pretty much guarantees their custom protocol
is sitting on _top_ of tcp/ip.
I've dealt with a very long list of real-time data/platform providers
over the years (bloomberg, bridge, S&P, FutureSource, DBC, BMI,
telescan, tradestation *cough*). They are all arrogant but they are
*usually* not stupid enough to write their own transport unless, of
course, it's going over satellite.
Kind Regards,
JCR
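
Added example, not part of the original thread: the outbound macro from the quoted ruleset with the vendor's 1723 - 1743 range included, plus a logged block rule for confirming what the client really sends. `$external` and the port list come from the quoted ruleset; the `block out log` rule and the `/etc/pf.conf` path are assumptions about the rest of the setup.

```pf
# Added example, not from the thread.
# Assumption: a logged default block for outbound traffic on $external, so
# anything the vendor client sends outside $outgoing is recorded on pflog0
# together with its protocol and destination port.
block out log on $external all

# "1722 >< 1744" is pf's exclusive range operator: it matches ports
# 1723 through 1743, the range quoted from the vendor's firewall page.
# 1838 is the extra port the vendor lists for sites where 1723 is PPTP.
outgoing = "{ 20, 21, 22, 25, 80, 110, 443, 10000, 21001, 22001, 1722 >< 1744, 1838 }"

# Outbound TCP to the listed ports; the state entry covers the replies.
pass out quick on $external inet proto tcp from any to any port $outgoing \
 flags S/SA keep state

# Checks to run from a root shell after editing:
#   pfctl -nf /etc/pf.conf          parse the ruleset without loading it
#   pfctl -f /etc/pf.conf           load it
#   pfctl -sr                       list the loaded rules with macros expanded
#   tcpdump -n -e -ttt -i pflog0    watch packets hitting the logged block rule
```

If the client still fails to connect, the pflog0 output shows whether the blocked packets are TCP to a port outside the list or a different IP protocol altogether.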