On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> When you send (initiate) a packet out on port abc, and it is allowed
> through, the firewall opens up a "hole" (which is stored in the state table)
> that allows a response from the IP the packet was sent to on the return port
> specified in the packet.
> You use inbound rules (WAN->LAN) when you want to allow sessions to be
> initiated from the internet/untrusted interface.
> As long as the default "allow all" outbound rule is in place, you can do
> things like ping and browse the web with no problem from the LAN side.
Considering I'm one of the developers, I certainly hope I understand
the concepts of a stateful inspection firewall. :) The only example I
saw of what was broken was an outside in traceroute. I think it's
fair for me to assume that you may not have had rules allowing it into
your network.
> But when I turn off NAT, the packets originate from my LAN subnet and the
> packets go for a wild ride into nothingness....
> AIYA!!!!
> Hopefully, I'll have this fixed by tomorrow morning....
> Thanks for everyone's help!!!
> It was much appreciated!!!
Glad to hear it was upstream.
--Bill
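The state-table behaviour described in the quoted explanation (allow-all outbound punches a "hole", unsolicited WAN->LAN traffic such as an outside-in traceroute is dropped unless an inbound rule permits it), as an added toy model that is not from this thread or from the firewall project; the addresses, ports and the 33434/udp probe are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    direction: str   # "out" = LAN->WAN, "in" = WAN->LAN

class StatefulFirewall:
    def __init__(self, inbound_rules=()):
        # State table: 5-tuples of flows that were initiated and allowed.
        self.state = set()
        # Explicit WAN->LAN rules as (dport, proto); none by default.
        self.inbound_rules = set(inbound_rules)

    def filter(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if pkt.direction == "out":
            # Default "allow all" outbound: pass and record the "hole".
            self.state.add(key)
            return "pass"
        # Inbound: is this the reply to a flow already in the state table?
        reversed_key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reversed_key in self.state:
            return "pass"
        # Otherwise only an explicit inbound rule lets a new session in.
        if (pkt.dport, pkt.proto) in self.inbound_rules:
            self.state.add(key)
            return "pass"
        return "drop"

# Constructed sample traffic (addresses and ports are illustrative only).
LAN_HOST, WEB_SERVER, OUTSIDER = "192.168.1.10", "203.0.113.5", "198.51.100.7"
HTTP_OUT = Packet(LAN_HOST, 51000, WEB_SERVER, 80, "tcp", "out")
HTTP_BACK = Packet(WEB_SERVER, 80, LAN_HOST, 51000, "tcp", "in")
# Unsolicited outside-in UDP traceroute probe (classic base port 33434).
PROBE = Packet(OUTSIDER, 40000, LAN_HOST, 33434, "udp", "in")

def default_policy():
    fw = StatefulFirewall()
    return fw.filter(HTTP_OUT), fw.filter(HTTP_BACK), fw.filter(PROBE)

def with_inbound_rule():
    fw = StatefulFirewall(inbound_rules=[(33434, "udp")])
    return fw.filter(PROBE)
```

Browsing passes both ways because the return packet matches the reversed tuple in the state table, while the traceroute probe only passes once a WAN->LAN rule exists.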