Subject: [FW-1] Rule 998; MS-RPC; Port 135

FW: FW-1 4.1 SP2

I have a rule allowing host-A in my DMZ _ANY_ communication with any network in my corp net. I have a correlating rule allowing ANY network in my corp _ANY_ communication with the DMZ. So my rules read as such:

    hst-a   any     any   accept   long
    any     hst-a   any   accept   long

hst-a is a Win2K box that is trying to enumerate a domain [among other things]. It is failing on "rule 998". Now, I don't have 998 rules [59 to be exact]. I am not NATing or such.

A look at the traffic [w/ a sniffer] and all I see is the initial SYN packet with a dest port of 135. The packet doesn't look malformed [hey, it's only the SYN packet]....

The firewall accepts it on SBIF0, but then rejects it on the way out the door on SBIF1. So my analysis is that it makes it through the FW's IP stack on SBIF0, gets routed, then fails on the outbound stack on SBIF1. But why?

And I've sniffed the ether on SBIF1 to make sure it wasn't host-B that sent back a RST. It's the FW.

Thoughts? I've scoured Google & Phoneboy with no luck. Google came back with one hit, but no one answered the thread... just that it sounded like he had something similar to what I have...

Many thanks,
TroyC
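As an added illustration of the troubleshooting step the post describes (a SYN accepted on the inbound interface, then rejected by a different rule on the outbound interface), and not code from the original post or from Check Point: a small Python script that groups per-interface log records by flow and reports any flow that was accepted on one interface but rejected or dropped on another, together with the rule number of the blocking entry. The key=value log line format, the field names and the addresses below are constructed for this example; they are not the real FW-1 log format.

```python
"""Correlate per-interface firewall log records by flow and find flows that
were accepted on one interface but rejected/dropped on another.

The log format below is CONSTRUCTED for this example (key=value pairs); it is
not Check Point's actual FW-1 log format.  Interface names SBIF0/SBIF1 and
rule 998 are taken from the post; the addresses and ports are made up.
"""
import re
from collections import defaultdict

# Constructed sample log: one record per interface each packet crossed.
SAMPLE_LOG = """\
iface=SBIF0 dir=inbound  action=accept rule=12  src=10.1.1.5 dst=10.2.2.9 proto=tcp sport=1031 dport=135
iface=SBIF1 dir=outbound action=reject rule=998 src=10.1.1.5 dst=10.2.2.9 proto=tcp sport=1031 dport=135
iface=SBIF0 dir=inbound  action=accept rule=12  src=10.1.1.5 dst=10.2.2.9 proto=tcp sport=1032 dport=445
iface=SBIF1 dir=outbound action=accept rule=12  src=10.1.1.5 dst=10.2.2.9 proto=tcp sport=1032 dport=445
iface=SBIF1 dir=inbound  action=accept rule=13  src=10.2.2.9 dst=10.1.1.5 proto=tcp sport=1040 dport=80
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn 'k=v k=v ...' into a dict (constructed format, see module docstring)."""
    return dict(FIELD_RE.findall(line))


def flow_key(rec):
    """5-tuple that identifies one connection attempt across both interfaces."""
    return (rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["proto"])


def find_half_dropped_flows(log_text):
    """Return a list of findings for flows that have at least one 'accept'
    record and at least one 'reject'/'drop' record on different interfaces.

    Each finding records the interface that accepted the packet, the
    interface that blocked it, and the rule number on the blocking entry, so
    the analyst can look at that rule rather than the one that admitted the
    packet on the way in.
    """
    by_flow = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_flow[flow_key(rec)].append(rec)

    findings = []
    for key, recs in by_flow.items():
        accepted = [r for r in recs if r["action"] == "accept"]
        blocked = [r for r in recs if r["action"] in ("reject", "drop")]
        if accepted and blocked and accepted[0]["iface"] != blocked[0]["iface"]:
            findings.append({
                "flow": key,
                "accepted_on": accepted[0]["iface"],
                "blocked_on": blocked[0]["iface"],
                "blocking_rule": int(blocked[0]["rule"]),
                "dport": int(key[3]),
            })
    return findings


if __name__ == "__main__":
    for f in find_half_dropped_flows(SAMPLE_LOG):
        print(f"{f['flow'][0]}:{f['flow'][1]} -> {f['flow'][2]}:{f['flow'][3]} "
              f"accepted on {f['accepted_on']}, blocked on {f['blocked_on']} "
              f"by rule {f['blocking_rule']}")
```

On the constructed sample, only the port 135 flow is reported: it was accepted on SBIF0 by rule 12 and rejected on SBIF1 by rule 998, while the port 445 flow was accepted on both interfaces and the port 80 flow has only one record. Running this over real exports requires swapping `parse_line` for one that understands the actual log format.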