On 10/8/2004, "Laurence Moore" <[EMAIL PROTECTED]> wrote:
>The rules you show do not include any log directives except for the last
>line. The blocked packets you are seeing are at rule 431. You can either
>trim down your rules set to what you have posted or post it in its
>entirety.

Hum yes, it is true, I didn't show all the file because it is very long. There are about 4-5 rules for each IP of the /24 in the DMZ and those rules are like the one I show (e.f.g.2). I summed up the file to the one you see, but I will rebuild it to the one you see and repaste it here.

>You would also be better off with a rule like
>
>pass out on fxp1 proto tcp from any to any flags S keep state

Here is the _full_ new file:

# stateful pass out on both interfaces
pass out on fxp1 proto tcp from any to any flags S keep state
pass out on fxp1 proto udp from any to any keep state
pass out on fxp1 proto icmp from any to any keep state
pass out on fxp0 proto tcp from any to any flags S keep state
pass out on fxp0 proto udp from any to any keep state
pass out on fxp0 proto icmp from any to any keep state
# stateful pass in on fxp0
pass in on fxp0 proto tcp from any to any flags S keep state
pass in on fxp0 proto udp from any to any keep state
pass in on fxp0 proto icmp from any to any keep state
# quick pass in on fxp1 to the DMZ addresses (no state kept)
pass in quick on fxp1 from any to e.f.g.1
pass in quick on fxp1 proto udp from any to e.f.g.2 port = 53
pass in quick on fxp1 proto tcp from any to e.f.g.2 port = 53
pass in quick on fxp1 proto tcp from i.j.k.0/24 to e.f.g.2 port = 5802
pass in quick on fxp1 proto tcp from i.j.k.0/24 to e.f.g.2 port = 5902
pass in quick on fxp1 proto tcp from i.j.k.0/24 to e.f.g.2 port = 3306
pass in quick on fxp1 proto tcp from i.j.k.0/24 to e.f.g.2 port = 80
pass in quick on fxp1 proto icmp from any to e.f.g.2
pass in quick on fxp1 from any to e.f.g.3
pass in quick on fxp1 from any to e.f.g.4
pass in quick on fxp1 from any to e.f.g.5
pass in quick on fxp1 from any to e.f.g.6
pass in quick on fxp1 from any to e.f.g.7
pass in quick on fxp1 from any to e.f.g.8
pass in quick on fxp1 from any to e.f.g.9
pass in quick on fxp1 from any to e.f.g.10
# logged catch-all for everything else coming in on fxp1
block in log on fxp1 from any to any

The web (80) seems to work from the DMZ to outside, but customers have ftp problems and I still have that in my ipmon:

11/08/2004 11:34:37.618331 fxp1 @0:20 b 212.27.35.115,25 -> e.f.g.2,1403 PR tcp len 20 76 -AP IN
11/08/2004 11:37:07.623954 fxp1 @0:20 b 212.27.35.99,25 -> e.f.g.2,1678 PR tcp len 20 76 -AP IN
11/08/2004 11:37:07.623968 fxp1 @0:20 b 212.27.35.99,25 -> e.f.g.2,1639 PR tcp len 20 76 -AP IN

Thx for your help.

-- 
fz
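An added example, not part of the post above: a small Python parser for ipmon lines in the format shown, which pulls out the interface, direction, rule number, ports and TCP flags so it is easy to see that every blocked packet is a non-SYN reply (-AP) from port 25 hitting the catch-all block rule @0:20 on fxp1 rather than a state entry. The sample lines are the ones from the post; the function and field names are my own.

```python
import re
from collections import Counter

# Sample input: the three ipmon lines from the post, embedded so the script
# runs offline (e.f.g.2 is the poster's masked DMZ address).
IPMON_LOG = """\
11/08/2004 11:34:37.618331 fxp1 @0:20 b 212.27.35.115,25 -> e.f.g.2,1403 PR tcp len 20 76 -AP IN
11/08/2004 11:37:07.623954 fxp1 @0:20 b 212.27.35.99,25 -> e.f.g.2,1678 PR tcp len 20 76 -AP IN
11/08/2004 11:37:07.623968 fxp1 @0:20 b 212.27.35.99,25 -> e.f.g.2,1639 PR tcp len 20 76 -AP IN
"""

# One ipmon record: date time iface @group:rule action src,sport -> dst,dport
# PR proto len <hdr-len> <total-len> [tcp flags] IN|OUT.  Flags appear only for tcp.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S) (?P<src>\S+),(?P<sport>\d+) -> (?P<dst>\S+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?: (?P<flags>-[A-Z]+))? (?P<dir>IN|OUT)$"
)


def parse_ipmon(text):
    """Return one dict per parseable ipmon line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_mid_stream_block(entry):
    """True when a TCP packet was blocked ('b') but carries no SYN, i.e. it belongs
    to an existing connection that should have matched a 'keep state' entry
    instead of falling through to the 'block in log' catch-all."""
    flags = entry["flags"] or ""
    return entry["action"] == "b" and entry["proto"] == "tcp" and "S" not in flags


def summarize(entries):
    """Count blocked packets by interface, direction, rule and source service so
    the offending rule and the service involved stand out at a glance."""
    counts = Counter()
    for e in entries:
        if e["action"] == "b":
            counts[(e["iface"], e["dir"], f"{e['group']}:{e['rule']}", f"{e['proto']}/{e['sport']}")] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_ipmon(IPMON_LOG)
    for key, n in summarize(parsed).items():
        print(key, n)
    print("mid-stream blocks:", sum(is_mid_stream_block(e) for e in parsed))
```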
