Hi, I was examining my WAN connection the other day, and I found something strange.
I have rdr and nat rules in place for this connection: some ports are forwarded to an internal host, and nat occurs for everything going out. However, I noticed that RST packets coming from the internal host were NOT being mapped, so it was sending them from an RFC 1918 address I use for internal hosts, and thus the RST packets were cheerfully ignored by the other end. Does anyone know what is going on here, and how I can elicit the proper behavior?

Aside: What combinations of TCP flags does "scrub" filter out?

Aside: What kinds of packets are considered associated with an active connection? Will an ICMP unreachable be passed in response to a "keep state" rule?

-- 
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
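
For readers following along, here is a pf.conf in the shape the post describes (ports forwarded in, everything translated out), written in the older nat/rdr rule syntax the post uses. It is a constructed example added to this page, not the poster's ruleset; the interface names, addresses and ports are assumptions. The point it illustrates is that both the rdr and the nat direction rely on a state entry: the first packet of a connection creates one, and every later packet of that connection in either direction, a RST from the internal host included, is translated only if it matches that state.

```pf
# Constructed example, not the poster's configuration.
# Interface names, addresses and ports below are assumptions.
ext_if  = "fxp0"
int_if  = "xl0"
int_net = "192.168.1.0/24"        # RFC 1918 space behind the box
www     = "192.168.1.10"          # internal host that receives forwarded ports

# Normalisation: reassemble fragments and sanity-check TCP headers
# before any translation or filtering happens.
scrub in all

# Translation. nat and rdr rules are stateful: the state created by the
# first packet is what translates (outbound) or un-translates (inbound)
# every later packet of the same connection, in both directions.
nat on $ext_if from $int_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port { 80, 443 } -> $www

# Filtering. Default deny inbound and log what is dropped, so that a
# packet pf refused to associate with a connection shows up on pflog0.
block in log all
pass out all keep state

# Inbound to the forwarded service: rdr has already rewritten the
# destination, so the filter sees the internal address, not ($ext_if).
pass in on $ext_if proto tcp from any to $www port { 80, 443 } \
        flags S/SA keep state

# Outbound from the inside: pass at the internal interface, let the
# state carry the packet out through $ext_if where nat rewrites it.
pass in on $int_if from $int_net to any keep state
```

Load-test the syntax with `pfctl -nf /etc/pf.conf` before applying it. While a forwarded connection is open, `pfctl -s state` should list one entry for it that shows the internal endpoint alongside the external one; that entry is what a later RST from the internal host has to match to be translated. To check what actually goes out on the wire, watch the external interface with `tcpdump -n -i fxp0 'tcp[tcpflags] & tcp-rst != 0'` and compare the source address of each RST with the state list at that moment, and check `tcpdump -n -e -ttt -i pflog0` for anything the block rule logged around the same time.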
