On Tue, 10 Aug 2004, [EMAIL PROTECTED] wrote:
> > On 10/8/2004, "Rob" <[EMAIL PROTECTED]> wrote:
> >
> >> The IP of the DMZ iface is: fxp0 a.b.c.1 255.255.255.0
> >
> > You have no rules referring to this interface! Try changing your "out on
> > fxp1" to "in quick on fxp0".
>
> Yes, but the firewall is in default to accept ... no .. ?
> Anyway, here is the beginning of the file now:
>
> pass out on fxp1 proto tcp from any to any keep state
> pass out on fxp1 proto udp from any to any keep state
> pass out on fxp1 proto icmp from any to any keep state
>
> pass out on fxp0 proto tcp from any to any keep state
> pass out on fxp0 proto udp from any to any keep state
> pass out on fxp0 proto icmp from any to any keep state
> pass in on fxp0 proto tcp from any to any keep state
> pass in on fxp0 proto udp from any to any keep state
> pass in on fxp0 proto icmp from any to any keep state
>
> It seems better, on the servers in the DMZ, but my ipmon is still crying:
>
> 10/08/2004 17:09:52.714017 fxp1 @0:431 b 207.155.252.40,25 -> e.f.g.2,1229 PR tcp len 20 141 -AP IN
> 10/08/2004 17:09:56.075882 fxp1 @0:431 b 207.155.252.40,25 -> e.f.g.2,1229 PR tcp len 20 141 -AP IN
> 10/08/2004 17:10:02.826617 fxp1 @0:431 b 207.155.252.40,25 -> e.f.g.2,1229 PR tcp len 20 141 -AP IN
> 10/08/2004 17:10:06.726784 fxp1 @0:431 b 64.12.138.120,25 -> e.f.g.2,2318 PR tcp len 20 519 -AP IN
> 10/08/2004 17:10:10.224945 fxp1 @0:431 b 62.160.237.1,25 -> e.f.g.2,2769 PR tcp len 20 104 -A IN
> 10/08/2004 17:10:16.326647 fxp1 @0:431 b 207.155.252.40,25 -> e.f.g.2,1229 PR tcp len 20 141 -AP IN

The rules you show do not include any log directives except for the last line. The blocked packets you are seeing are at rule 431. You can either trim down your rule set to what you have posted or post it in its entirety. You would also be better off with a rule like

pass out on fxp1 proto tcp from any to any flags S keep state

Larry.
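The ipmon lines quoted above already carry the two things Larry points at: the @group:rule that blocked each packet and the TCP flags on it. The following parser is an added example, not code from the thread or from the IP Filter project. It reads ipmon lines of the shape shown, counts blocked packets per interface and rule, and picks out inbound TCP segments that carry ACK but no SYN, which is the pattern seen when return traffic for an existing connection reaches the firewall without a matching state entry. The function names are my own, the first six sample lines are the ones from the message (mail-wrapped lines joined back together), and the last UDP line is constructed to show that the flags field is optional.

```python
import re
from collections import Counter

# Constructed sample: the six ipmon lines quoted in the thread (addresses as
# anonymised by the poster), plus one constructed UDP pass record at the end.
SAMPLE_IPMON = """\
10/08/2004 17:09:52.714017 fxp1 @0:431 b 207.155.252.40,25 -> e.f.g.2,1229 PR tcp len 20 141 -AP IN
10/08/2004 17:09:56.075882 fxp1 @0:431 b 207.155.252.40,25 -> e.f.g.2,1229 PR tcp len 20 141 -AP IN
10/08/2004 17:10:02.826617 fxp1 @0:431 b 207.155.252.40,25 -> e.f.g.2,1229 PR tcp len 20 141 -AP IN
10/08/2004 17:10:06.726784 fxp1 @0:431 b 64.12.138.120,25 -> e.f.g.2,2318 PR tcp len 20 519 -AP IN
10/08/2004 17:10:10.224945 fxp1 @0:431 b 62.160.237.1,25 -> e.f.g.2,2769 PR tcp len 20 104 -A IN
10/08/2004 17:10:16.326647 fxp1 @0:431 b 207.155.252.40,25 -> e.f.g.2,1229 PR tcp len 20 141 -AP IN
10/08/2004 17:10:20.000000 fxp0 @0:12 p 10.0.0.5,53 -> a.b.c.10,40000 PR udp len 20 88 IN
"""

# One ipmon record, as seen in the thread:
#   date time iface @group:rule action src,sport -> dst,dport PR proto len hdr total [-FLAGS] IN|OUT
# The TCP flags field is absent for UDP/ICMP, so it is optional here.
IPMON_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>[A-Za-z])\s+"
    r"(?P<src>\S+?),(?P<sport>\d+)\s+->\s+(?P<dst>\S+?),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+-(?P<flags>[A-Z]+))?\s+(?P<dir>IN|OUT)\s*$"
)


def parse_ipmon_line(line):
    """Parse one ipmon line into a dict; return None for lines in another format."""
    m = IPMON_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("group", "rule", "sport", "dport", "hlen", "plen"):
        rec[key] = int(rec[key])
    rec["flags"] = rec["flags"] or ""  # no TCP flags on UDP/ICMP records
    return rec


def parse_ipmon(text):
    """Parse a block of ipmon output, silently skipping unparseable lines."""
    return [r for r in (parse_ipmon_line(ln) for ln in text.splitlines()) if r]


def blocks_by_rule(records):
    """Count blocked packets per (interface, group, rule): the first thing to
    check, since it tells you which rule in the full ruleset to look at."""
    return Counter((r["iface"], r["group"], r["rule"])
                   for r in records if r["action"] == "b")


def stateless_replies(records):
    """Blocked inbound TCP segments with ACK set and no SYN. These belong to a
    connection already in progress, so a block here means the firewall holds
    no state entry for that connection."""
    return [r for r in records
            if r["action"] == "b" and r["dir"] == "IN" and r["proto"] == "tcp"
            and "A" in r["flags"] and "S" not in r["flags"]]


if __name__ == "__main__":
    recs = parse_ipmon(SAMPLE_IPMON)
    for (iface, grp, rule), n in blocks_by_rule(recs).most_common():
        print(f"{iface} @{grp}:{rule}: {n} blocked packets")
    for r in stateless_replies(recs):
        print(f"  no state: {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} flags={r['flags']}")
```

Run against the quoted output, every blocked packet lands on fxp1 @0:431 and every one is a mid-connection segment from port 25 back to a high port on e.f.g.2, which is what you would expect to see before adding the outbound rule Larry suggests.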
