 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Losts of traffic dropped
 Date:  Mon, 3 Oct 2005 17:35:37 -0400
On 10/3/05, Jeroen Visser <monowall at forty dash two dot nl> wrote:
> Hi list,
>
> I've got lots of traffic dropped by the rule number @0:44 on any interface (I'm
> using m0n0wall as a router).
>
> Which should be this rule
> @44 block in log quick proto tcp from any to any
>
> But what does it mean, and WHY is it messing up my network!
> It only blocks TCP (with options?), to supposedly prevent OS detection with nmap?
>

No, it blocks any packets that don't match a previous rule.  Previous
rules only allow through packets with flags S/SA, because they can be
initiating a connection.  Everything else will either be in the state
table as part of an existing connection, or will be spoofed/invalid
traffic.

The typical problems run into under situations like this are not
disabling NAT (i.e. not enabling advanced outbound NAT), which it
looks like you have ok, not defining static routes properly, which
also look ok, and firewall rules, which also look fine.

Not very helpful, but maybe that'll help you think of something that's
going on.

-Chris
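
The rule ordering described in this reply, as an added example that is not part of the original message and is not m0n0wall or ipfilter code: a toy Python model in which existing state is checked first, only packets matching flags S/SA create state, and everything else falls through to the final block rule. The class, function names, addresses and packets are constructed for illustration.

```python
# Toy model of the filtering order described above (constructed example).
SYN, ACK = 0x02, 0x10  # TCP flag bits

def matches_flags(flags, want=SYN, mask=SYN | ACK):
    """'flags S/SA': of the bits in the mask (SYN, ACK), only SYN is set."""
    return (flags & mask) == want

class Firewall:
    def __init__(self):
        self.states = set()  # known connections, direction-independent

    @staticmethod
    def _key(src, sport, dst, dport):
        return frozenset([(src, sport), (dst, dport)])

    def filter(self, src, sport, dst, dport, flags):
        key = self._key(src, sport, dst, dport)
        if key in self.states:
            # Part of an existing connection: passes via the state table.
            return "pass (state)"
        if matches_flags(flags):
            # Can be initiating a connection: allowed, and state is kept.
            self.states.add(key)
            return "pass (flags S/SA, state created)"
        # Anything else reaches the final rule:
        # block in log quick proto tcp from any to any
        return "block (@44)"

def demo():
    fw = Firewall()
    packets = [  # constructed sample traffic
        ("10.0.1.5", 40000, "10.0.2.9", 80, SYN),        # new connection
        ("10.0.2.9", 80, "10.0.1.5", 40000, SYN | ACK),  # reply, has state
        ("10.0.1.5", 40000, "10.0.2.9", 80, ACK),        # handshake done
        ("10.0.2.9", 80, "10.0.1.7", 40001, SYN | ACK),  # no state: SYN never seen
        ("10.0.1.8", 40002, "10.0.2.9", 80, ACK),        # no state: stray ACK
    ]
    return [fw.filter(*p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last two packets are the kind that show up in the log against the final block rule: TCP segments that are not a bare SYN and belong to no connection the firewall has state for.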