
[FW1] RE: stateful firewalling and clustering.



But then again, in this case, since this is UDP, and there are no SYN
packets, it should be able to send the replies through the firewall if the
ports are open.  But it would be silly and very insecure to open those ports
just for UDP replies.

I have contacted my ISP and they allow me to connect directly to one of the
DNS servers in the cluster.

Thanks to all that replied to my [many] previous mails

>  -----Original Message-----
> From: 	Langa Kentane  
> Sent:	10 January 2001 15:53
> To:	Firewall-1 Mailing List (E-mail)
> Cc:	Jim Morrisby
> Subject:	stateful firewalling and clustering.
> 
> Greetings gurus.
> 
> I have now discovered something else in connection with a problem I was
> having.  Yesterday I realised that some machine from our ISP [machine A]
> was sending us packets that were getting dropped by the firewall,
> originating from port 80 and going to ports ranging from 34000 to 37.
> At first I thought it was a port scan being done on the firewall.  Then I
> thought it was timed-out backward connections being blocked, so I increased
> the UDP time-out.  The packets were going to our mail server and direct to
> the firewall.
> 
> Now the mail server has both a legal and illegal address [using static
> source/dest NAT].  After digging through the log files some more, I realised
> that our mail server was doing DNS queries to machine B.  The secondary
> DNS server for our mail server is machine B.
> 
> Turns out that our ISP has a DNS server cluster.  Machine B being the
> virtual/primary [whatever] address for the DNS cluster.  Now what happens
> is that when our mail server does a DNS query to machine B, machine A
> answers the query and because machine A does not have a valid connection
> in the state table, the packets are being dropped.
> 
> Now, how do I get around this problem??  Is it possible to fix this??
> 
> __________________________________________________________
> Langa Kentane          | TEL:
> Security Administrator | Cell:
> DISCOVERY HEALTH       | http://www.discoveryhealth.co.za
> __________________________________________________________
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
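The behaviour described in the thread (a UDP DNS query sent to machine B, answered by machine A, and dropped because no state entry matches A) can be reproduced with a small model of a stateful UDP filter. The following is an added example, not code from the original posters or from any firewall product; all addresses and ports are constructed (RFC 5737 documentation ranges), and the reply source port is assumed to be 53 even though the poster's log showed port 80. It also shows why the workaround the poster adopted, querying a cluster member directly, makes the reply match, and includes a defender-side triage helper that separates "orphaned DNS replies" from what looks like a port scan in the drop log.

```python
"""Model of a stateful UDP filter and the DNS-cluster reply problem.
Added example; all addresses, ports and log formats are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FourTuple = Tuple[str, int, str, int]


@dataclass(frozen=True)
class UdpPacket:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulUdpFilter:
    """Toy stateful filter. An outbound UDP packet from the inside network
    creates a state entry keyed on the full 4-tuple; an inbound packet is
    accepted only if it is the exact reverse of an existing entry.
    A reply from any other source address has no entry and is dropped."""

    def __init__(self, inside_prefix: str) -> None:
        self.inside_prefix = inside_prefix
        self.state: Dict[FourTuple, str] = {}
        self.log: List[str] = []

    def handle(self, pkt: UdpPacket) -> bool:
        key: FourTuple = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        flow = f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
        if pkt.src_ip.startswith(self.inside_prefix):
            # Outbound: record the 4-tuple so the matching reply can come back.
            self.state[key] = "open"
            self.log.append(f"accept out {flow}")
            return True
        reverse: FourTuple = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.state:
            self.log.append(f"accept in {flow} (matches state)")
            return True
        self.log.append(f"drop in {flow} (no state entry)")
        return False


# Constructed addresses, not taken from the post.
MAIL_SERVER = "10.0.0.25"   # inside mail server (its private address)
MACHINE_B = "192.0.2.53"    # cluster's virtual/primary address
MACHINE_A = "192.0.2.54"    # real cluster member that actually answers
QUERY_PORT = 34567          # ephemeral source port used by the resolver
DNS_PORT = 53               # assumed reply source port


def simulate_cluster_query() -> Tuple[bool, bool, List[str]]:
    """Query goes to B; an answer arrives from A, then one from B.
    Returns (reply_from_A_accepted, reply_from_B_accepted, firewall_log)."""
    fw = StatefulUdpFilter("10.0.0.")
    fw.handle(UdpPacket(MAIL_SERVER, QUERY_PORT, MACHINE_B, DNS_PORT))
    from_a = fw.handle(UdpPacket(MACHINE_A, DNS_PORT, MAIL_SERVER, QUERY_PORT))
    from_b = fw.handle(UdpPacket(MACHINE_B, DNS_PORT, MAIL_SERVER, QUERY_PORT))
    return from_a, from_b, fw.log


def simulate_direct_query() -> bool:
    """Workaround from the thread: point the resolver at the member that
    answers, so the reply's source address matches the state entry."""
    fw = StatefulUdpFilter("10.0.0.")
    fw.handle(UdpPacket(MAIL_SERVER, QUERY_PORT, MACHINE_A, DNS_PORT))
    return fw.handle(UdpPacket(MACHINE_A, DNS_PORT, MAIL_SERVER, QUERY_PORT))


def orphan_reply_drops(log: List[str]) -> List[str]:
    """Triage helper: dropped inbound packets with source port 53 and an
    ephemeral destination port. In a raw log these resemble a port scan,
    but they are usually DNS replies from an unexpected cluster member."""
    hits = []
    for line in log:
        parts = line.split()
        if parts[0] != "drop":
            continue
        src, dst = parts[2], parts[4]
        sport = int(src.rsplit(":", 1)[1])
        dport = int(dst.rsplit(":", 1)[1])
        if sport == DNS_PORT and dport >= 1024:
            hits.append(line)
    return hits


if __name__ == "__main__":
    a_ok, b_ok, log = simulate_cluster_query()
    print("\n".join(log))
    print("reply from A accepted:", a_ok, "| reply from B accepted:", b_ok)
    print("direct query to A works:", simulate_direct_query())
    print("orphaned-reply drops:", len(orphan_reply_drops(log)))
```

Opening inbound UDP to the high port range, as the reply notes, would defeat the point of the state table; the model makes clear that the fix belongs on the resolver side (query the answering member) or on the cluster side (answer from the address that was queried).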



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.