[FW1] stateful firewalling and clustering.
Greetings gurus.

I have now discovered something else in connection with a problem I was having. Yesterday I realised that some machine from our ISP [machine A] was sending us packets that were getting dropped by the firewall, originating from port 80 and going to ports ranging from 34000 to 37. At first I thought it was a port scan being done on the firewall. Then I thought it was time-out backward connections being blocked, so I increased the UDP time out. The packets were going to our mail server and direct to the firewall. Now the mail server has both a legal and illegal address [using static source/dest NAT].

After digging through the log files some more, I realised that our mail server was doing DNS queries to machine B. The secondary DNS server for our mail server is machine B. Turns out that our ISP has a DNS server cluster, machine B being the virtual/primary [whatever] address for the DNS cluster. Now what happens is that when our mail server does a DNS query to machine B, machine A answers the query, and because machine A does not have a valid connection in the state table, the packets are being dropped.

Now, how do I get around this problem?? Is it possible to fix this??

Langa Kentane | TEL:
Security Administrator | Cell:
DISCOVERY HEALTH | http://www.discoveryhealth.co.za
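Added example, not part of the original post: a simplified Python model of a stateful UDP filter, showing why a reply sourced from machine A is dropped when the query was sent to machine B, and why raising the UDP timeout does not change that. The addresses, ports and timeout values are constructed, DNS over UDP port 53 is assumed, and the matching logic is a generic model, not FireWall-1's own implementation.

```python
from dataclasses import dataclass, field

# Constructed sample addresses (documentation ranges), not from the post.
MAIL = "192.0.2.10"          # mail server behind the firewall
MACHINE_B = "198.51.100.53"  # cluster address the query is sent to
MACHINE_A = "198.51.100.54"  # cluster member that actually answers


@dataclass
class StateTable:
    timeout: int = 40                            # seconds, constructed value
    entries: dict = field(default_factory=dict)  # flow tuple -> expiry time

    def outbound(self, now, src, sport, dst, dport):
        """Record an outgoing UDP datagram so its reply is allowed back in."""
        self.entries[(src, sport, dst, dport)] = now + self.timeout

    def inbound(self, now, src, sport, dst, dport):
        """Accept a datagram only if it exactly reverses a live recorded flow."""
        key = (dst, dport, src, sport)
        expiry = self.entries.get(key)
        if expiry is None:
            return "drop: no matching state"
        if now > expiry:
            del self.entries[key]
            return "drop: state expired"
        return "accept"


def simulate(timeout):
    """Send one DNS query to machine B and test three possible replies."""
    fw = StateTable(timeout=timeout)
    fw.outbound(0, MAIL, 34567, MACHINE_B, 53)
    return {
        # Reply from the address that was queried: reverse tuple matches.
        "reply_from_B": fw.inbound(1, MACHINE_B, 53, MAIL, 34567),
        # Reply from a different cluster member: source IP is not in the table.
        "reply_from_A": fw.inbound(1, MACHINE_A, 53, MAIL, 34567),
        # Reply from B after the entry aged out: the only case a timeout fixes.
        "late_reply_from_B": fw.inbound(timeout + 1, MACHINE_B, 53, MAIL, 34567),
    }


if __name__ == "__main__":
    for t in (40, 3600):
        print(t, simulate(t))
```

In this model the reply from machine A fails on the source address rather than on entry age, so it is dropped at any timeout value.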