 
 From:  berek at rz dot uni dash leipzig dot de
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: firewall lets ports pass although blocked
 Date:  Thu, 10 Nov 2005 17:20:08 +0100
> berek at rz dot uni dash leipzig dot de wrote:
>> hi,
>> I'm using m0n0 for some years now. But now the firewall seems to let
>> connections be established that should be blocked.
...
>> definitely NOT allowed in my list. Thus they normally should be blocked by
>> the default blocking rule of the WLAN interface. But they pass through, as I
>> can see in the output of iptraf on the linksys. The ports that were passed
>> the last time were different ones between 62000 and 63000.
Chris Buechler said:
> They're ephemeral ports, most likely source ports are what you're
> seeing, and it has to be allowed by the state table if it isn't
> allowed explicitly in your rules.

Here is one line of the output of the firewall state table:

Source       Port   Destination      Port   Protocol  Packets  Bytes      TTL
10.11.77.5   1073   137.226.34.227   55413  tcp       775555   756769468  2:30:00

The connection has *destination* port 55413, and that one is not in the allow
list. Hmpf. I'm helpless.

yours & thanks for your ideas,
mathias berek

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
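Added illustration of the state-table behaviour Chris describes above (example code written for this archive page, not code from the m0n0wall project or from either poster): a toy stateful filter with first-match rules that keeps state on every "pass". The allow list (destination ports 80 and 443) and the outbound HTTP connection are constructed for the demo; the 55413 row is the state-table line pasted in the mail, parsed by parse_state_line(). Once a state exists, both directions of that connection match the state before any rule is consulted, so a reply whose destination port is the ephemeral port 1073 passes even though 1073 is on no allow list; a packet with no matching state falls through to the rules and then to the default block.

```python
"""Toy stateful packet filter (added example, not m0n0wall's own code).

Models the behaviour a "first match wins, keep state on pass" rule set has:
a state lookup happens before the rules, and a state matches the packets of
a connection in BOTH directions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                          # "pass" or "block"
    dports: Optional[frozenset] = None   # None = any destination port


def parse_state_line(line: str) -> Packet:
    """Parse one row of the state table as pasted in the thread:
    Source Port Destination Port Protocol Packets Bytes TTL."""
    f = line.split()
    return Packet(proto=f[4], src=f[0], sport=int(f[1]),
                  dst=f[2], dport=int(f[3]))


class StatefulFilter:
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        # 5-tuple of the packet that created the state -> packets matched
        self.states: Dict[Tuple[str, str, int, str, int], int] = {}

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet):
        # A reply swaps source and destination; look it up as the original.
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def filter(self, p: Packet) -> Tuple[str, str]:
        """Return (verdict, reason). Reason is 'state', 'rule' or 'default'."""
        for k in (self._key(p), self._reverse_key(p)):
            if k in self.states:
                self.states[k] += 1
                return ("pass", "state")        # rules are never consulted
        for r in self.rules:
            if r.dports is None or p.dport in r.dports:
                if r.action == "pass":
                    self.states[self._key(p)] = 1   # keep state
                return (r.action, "rule")
        return ("block", "default")               # default blocking rule


def demo() -> Tuple[Tuple[str, str], Tuple[str, str], Tuple[str, str]]:
    # Assumed allow list for the demo: only web ports are permitted outbound.
    fw = StatefulFilter([Rule("pass", frozenset({80, 443}))])
    # Constructed outbound HTTP connection from the client in the thread.
    out = Packet("tcp", "10.11.77.5", 1073, "137.226.34.227", 80)
    # Its reply: destination port 1073 is ephemeral and on no allow list.
    reply = Packet("tcp", "137.226.34.227", 80, "10.11.77.5", 1073)
    # The state-table row pasted in the mail, fed in as a fresh packet.
    other = parse_state_line(
        "10.11.77.5 1073 137.226.34.227 55413 tcp 775555 756769468 2:30:00")
    return fw.filter(out), fw.filter(reply), fw.filter(other)


if __name__ == "__main__":
    for label, verdict in zip(("outbound :80", "reply to :1073", "to :55413"),
                              demo()):
        print(f"{label:15} -> {verdict}")
```

The point of the last case: with the demo allow list, a packet to destination port 55413 with no existing state is blocked by the default rule, so in this model a state entry for that destination can only have been created by a rule that passed its first packet.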
