
RE: [FW1] drops for rule which allows service!




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Clarrisa Wright [mailto:[email protected]]
> Sent: Monday, July 16, 2001 5:34 PM
> 
> i am wondering if anyone could shed some light on this weirdness i
> am seeing in my logs:
> 
> i have a rule which allows a single source to 2 destination
> addresses for Oracle. (1521)  The rule is obviously set to
> "accept".
> 
> when i look at my log, i see an accept for one of the 
> addresses in the rule, 
> but a drop for the other, with the same rule number!  How can this
> be!!??!
> 
> when i reload the policy, the problem goes away, and in the log i
> now see an accept.
> 
> this is really confusing - my guess is something with the state
> table b/c when i reload the problem goes away - but this is really 
> confusing.
> My rulebase is fairly large (130 rules).  It's not a drop on 
> rule zero,
> but rather, the actual rule # which is set to "accept".
> 
> anyone who can shed light on this, i'd appreciate it.


Clarrisa,

from what you wrote, it sounds as if you wanted to allow machines in
front of the firewall, or in a DMZ, access to your database servers
behind it.  I assume these servers have static NAT entries, and that
anti-spoofing is configured correctly (otherwise you'd see the rule 0
drop). I have seen what you describe on several occasions, and the
cause was either a non-existent or wrong entry in the local.arp file,
or a missing route. Make sure that the local.arp file contains the
NAT'ed IP addresses and MAC address of the external interface. Also
make sure you have the route statements in your routing table that
define NAT'ed IP, Mask, and real IP of your database servers.

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBO1RkcZytSsEygtEFEQKDXACg3V5FBJwI+nRyG4zJZ+MbRU50OigAnRES
Z1ve/V9T0dKXz7JvBY5lFdqc
=qVsQ
-----END PGP SIGNATURE-----
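The two checks Frank recommends above (a local.arp entry for every statically NAT'ed address carrying the external interface's MAC, and a host route from each NAT'ed address to the real server) can be scripted. The following is an added example, not code from the thread or from Check Point: the local.arp contents, the NAT table, the routing-table text and the external MAC are all constructed sample values, and the `netstat -rn` column layout it parses is an assumption about the platform.

```python
"""Check the static-NAT prerequisites described in the reply above.

Constructed example: the local.arp contents, routing table output, NAT
mappings and MAC address below are made up for illustration; they are
not taken from the original thread or from any real firewall.
"""

# Assumption: the MAC of the firewall's external interface.
EXTERNAL_MAC = "00:50:56:aa:bb:cc"

# Constructed local.arp: one "<NAT'ed IP> <MAC>" pair per line, '#' comments allowed.
SAMPLE_LOCAL_ARP = """\
# local.arp -- proxy ARP entries for statically NAT'ed hosts
192.0.2.10 00:50:56:aa:bb:cc
192.0.2.11 00:50:56:11:22:33
"""

# Constructed static NAT table: NAT'ed (public) IP -> real (internal) IP.
SAMPLE_NAT = {
    "192.0.2.10": "10.1.1.10",   # oracle-db1: correct everywhere
    "192.0.2.11": "10.1.1.11",   # oracle-db2: wrong MAC, no route
    "192.0.2.12": "10.1.1.12",   # oracle-db3: no local.arp entry
}

# Constructed 'netstat -rn'-style output (assumed column layout):
# host routes send the NAT'ed IP to the real server address.
SAMPLE_ROUTES = """\
Destination     Gateway         Flags  Interface
192.0.2.10      10.1.1.10       UGH    eth1
192.0.2.12      10.1.1.12       UGH    eth1
default         203.0.113.1     UG     eth0
"""


def parse_local_arp(text):
    """Return {ip: mac} from local.arp text, skipping comments and blank lines.
    MACs are normalised to lower-case colon form so an NT-style 'aa-bb-cc'
    entry compares equal to a Unix-style 'aa:bb:cc' one."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, mac = line.split()[:2]
        entries[ip] = mac.lower().replace("-", ":")
    return entries


def parse_host_routes(text):
    """Return {destination: gateway} for host routes (flag 'H') in the
    assumed netstat -rn layout; the first line is the column header."""
    routes = {}
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) >= 3 and "H" in parts[2]:
            routes[parts[0]] = parts[1]
    return routes


def check_static_nat(nat_map, arp, routes, external_mac):
    """Compare each static NAT mapping against local.arp and the routing table.
    Returns a list of (nat_ip, problem) tuples; an empty list means all pass."""
    findings = []
    want_mac = external_mac.lower().replace("-", ":")
    for nat_ip, real_ip in nat_map.items():
        mac = arp.get(nat_ip)
        if mac is None:
            findings.append((nat_ip, "no local.arp entry"))
        elif mac != want_mac:
            findings.append((nat_ip, "local.arp MAC is not the external interface MAC"))
        gw = routes.get(nat_ip)
        if gw is None:
            findings.append((nat_ip, "no host route to real address"))
        elif gw != real_ip:
            findings.append((nat_ip, "host route points at %s, expected %s" % (gw, real_ip)))
    return findings


def run_sample_check():
    """Run the check over the constructed sample data."""
    return check_static_nat(SAMPLE_NAT, parse_local_arp(SAMPLE_LOCAL_ARP),
                            parse_host_routes(SAMPLE_ROUTES), EXTERNAL_MAC)


if __name__ == "__main__":
    for nat_ip, problem in run_sample_check():
        print("%s: %s" % (nat_ip, problem))
```

On a real gateway the constructed strings would be replaced by the actual local.arp file and the live routing table, and the NAT table by the static NAT definitions from the rulebase; any finding is one of the two misconfigurations Frank describes as producing a drop logged against an accept rule.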

