Hi Guys,
For some peculiar reason my GNAT Box started refusing incoming connections
to our webserver on the PRO network.
I haven't done anything to it, except rebooting it, and that didn't help
either. I get nothing in the log files, and when I do a traceroute to the
webserver, the trace stops at the external router and tells me that the host
is unreachable. This is a blatant lie because I can telnet into port 25 on
the same machine to see if the mail service is running.
Here are the Remote Access filters I have set up:
REMOTE ACCESS
1 #Open all Ports
DISABLED - Accept ANY ALL
from "ANY_IP"
to "ANY_IP"
2 #Allow web
Accept ANY TCP
from "ANY_IP"
to "ANY_IP" 25 80 110 1521 443 14203
3 #DNS
Accept ANY UDP
from "ANY_IP" 53
to "ANY_IP"
4 #DNS
Accept ANY UDP
from "ANY_IP"
to "ANY_IP" 53
5 #Block Netbios connections to the Firewall
Deny "PROTECTED" UDP nolog
from "ANY_IP"
to "ANY_IP" 135:139
6 #Block Netbios connections to the Firewall
Deny "PROTECTED" TCP nolog
from "ANY_IP"
to "ANY_IP" 135:139
7 #Allow ping and traceroute
Accept ANY ICMP
from "ANY_IP"
to "ANY_IP"
8 #Accept Identification (Ident)
Accept ANY TCP nolog
from "ANY_IP"
to "ANY_IP" 113
9 #Remote Administration
Accept "EXTERNAL" TCP
from 196.22.162.86/255.255.255.255
to 209.212.103.210/255.255.255.255 77 8888
10 #Allow protected network access to WWW remote admin server.
Accept "PROTECTED" TCP
from 10.1.1.214/255.255.255.0
to 10.1.1.1/255.255.255.255 8888
11 #Allow protected network access to RMC remote admin server.
Accept "PROTECTED" TCP
from 10.1.1.214/255.255.255.0
to 10.1.1.1/255.255.255.255 77
12 #Deny Remaining Open Ports
Deny ANY ALL log email
from "ANY_IP"
to "ANY_IP"