 From:  Chrisup-Gmail <chrisup at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  disable syn flag checking outbound??
 Date:  Mon, 22 May 2006 14:26:31 -0700
I had a previous post about spoofing and load balancing, but I think I
may have complicated that post with too much information.

My goal is to stop the firewall from blocking outbound traffic from
the LAN based on the SYN flags. The ipmon log shows the traffic being
dropped on rule 0:15 with flags -AS.

I need the firewall to ignore the SYN flags on my web servers'
outbound traffic so load balancing will work.

I think /etc/inc/filter.inc is the place to start, I see a section
with comment "# Block TCP packets that do not mark the start of a
connection." I'm not sure exactly what modification I need to make as
I'm new to ipf.

Below is a sanitized log. The LAN is 205.xxx while the WAN is 165.xxx,
and the web servers are on the LAN side, ending in .54 and .56.
65.xxx.xxx.115 is the client initiating the HTTP session.

I'd appreciate any input as I am getting grilled by my boss.

Thanks

Chris



May 21 21:27:42 m0n0wall ipmon[85]: 21:27:41.607915 2x xl0 @0:15 b 205.xxx.xxx.56,80 -> 65.xxx.xxx.115,64938 PR tcp len 20 60 -AS IN
May 21 21:27:45 m0n0wall ipmon[85]: 21:27:44.611280 xl0 @0:15 b 205.xxx.xxx.56,80 -> 65.xxx.xxx.115,64938 PR tcp len 20 60 -AS IN
May 21 21:28:09 m0n0wall ipmon[85]: 21:28:08.614812 xl0 @0:15 b 205.xxx.xxx.54,80 -> 65.xxx.xxx.115,64938 PR tcp len 20 44 -AS IN
May 21 21:28:12 m0n0wall ipmon[85]: 21:28:11.608185 xl0 @0:15 b 205.xxx.xxx.54,80 -> 65.xxx.xxx.115,64938 PR tcp len 20 44 -AS IN
May 21 21:28:18 m0n0wall ipmon[85]: 21:28:17.608257 xl0 @0:15 b 205.xxx.xxx.54,80 ->
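An added example, not part of the post above or of m0n0wall itself: a small parser for ipmon log lines of the shape shown in the post, which decodes the flag field (ipmon prints TCP flags as single letters after a "-", so "-AS" is ACK+SYN, i.e. the second step of a three-way handshake) and counts the blocked SYN/ACKs per web server. The sample lines are copied from the sanitized log above; the last, truncated one is kept to show how damaged input is handled. It assumes xl0 is the LAN interface, which is inferred from the post (the web servers are on the LAN and their packets arrive "IN" on xl0), and the name `out_of_state_synacks` and the classification labels are this example's own.

```python
"""Parse m0n0wall ipmon log lines and pick out blocked SYN/ACK replies.

Added example (not the post's or m0n0wall's code). Assumptions: the
sample below is copied from the sanitized log in the post; xl0 is taken
to be the LAN interface because the web servers sit on the LAN and their
packets are logged "IN" on xl0.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Constructed sample: records from the post's sanitized log, re-joined to one
# line each; the final line is the truncated one from the post.
SAMPLE_LOG = """\
May 21 21:27:42 m0n0wall ipmon[85]: 21:27:41.607915 2x xl0 @0:15 b 205.xxx.xxx.56,80 -> 65.xxx.xxx.115,64938 PR tcp len 20 60 -AS IN
May 21 21:27:45 m0n0wall ipmon[85]: 21:27:44.611280 xl0 @0:15 b 205.xxx.xxx.56,80 -> 65.xxx.xxx.115,64938 PR tcp len 20 60 -AS IN
May 21 21:28:09 m0n0wall ipmon[85]: 21:28:08.614812 xl0 @0:15 b 205.xxx.xxx.54,80 -> 65.xxx.xxx.115,64938 PR tcp len 20 44 -AS IN
May 21 21:28:12 m0n0wall ipmon[85]: 21:28:11.608185 xl0 @0:15 b 205.xxx.xxx.54,80 -> 65.xxx.xxx.115,64938 PR tcp len 20 44 -AS IN
May 21 21:28:18 m0n0wall ipmon[85]: 21:28:17.608257 xl0 @0:15 b 205.xxx.xxx.54,80 ->
"""

# Single-letter TCP flag codes as ipmon prints them after the "-" marker.
IPMON_FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}

# syslog prefix, ipmon timestamp, optional "Nx" repeat count, interface,
# @group:rule, action (b=block, p=pass), src,port -> dst,port, proto,
# header length, total length, optional flags, direction.
LINE_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) ipmon\[\d+\]: "
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+) (?:(?P<repeat>\d+)x )?(?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>[bp]) "
    r"(?P<src>[\w.]+),(?P<sport>\d+) -> (?P<dst>[\w.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len (?P<hlen>\d+) (?P<tlen>\d+)(?: -(?P<flags>[SAFRPU]+))? (?P<dir>IN|OUT)$"
)


@dataclass(frozen=True)
class IpmonRecord:
    iface: str
    rule: str            # "group:rule", e.g. "0:15"
    blocked: bool
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    flags: FrozenSet[str]
    direction: str
    repeat: int          # ipmon's "Nx" suppression count, 1 when absent


def parse_ipmon_line(line: str) -> Optional[IpmonRecord]:
    """Return a record for a complete ipmon line, or None for a truncated one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flags = frozenset(IPMON_FLAGS[c] for c in (m.group("flags") or ""))
    return IpmonRecord(
        iface=m.group("iface"),
        rule=f"{m.group('group')}:{m.group('rule')}",
        blocked=m.group("action") == "b",
        src=m.group("src"), sport=int(m.group("sport")),
        dst=m.group("dst"), dport=int(m.group("dport")),
        proto=m.group("proto"),
        flags=flags,
        direction=m.group("dir"),
        repeat=int(m.group("repeat") or 1),
    )


def classify(rec: IpmonRecord) -> str:
    """Label the packet by its TCP flags (labels are this example's own)."""
    if rec.proto != "tcp":
        return "non-tcp"
    if rec.flags == {"SYN"}:
        return "syn"          # marks the start of a connection
    if rec.flags == {"SYN", "ACK"}:
        return "syn-ack"      # handshake reply; only valid against an existing state entry
    if "RST" in rec.flags:
        return "reset"
    return "mid-stream"       # ACK/PSH/FIN only: needs an existing state entry too


def out_of_state_synacks(log: str) -> Dict[str, object]:
    """Count blocked SYN/ACKs arriving IN from the LAN, per server socket.

    A server answering a handshake the firewall holds no state for is what
    an asymmetric (load-balanced) path looks like from the firewall's side.
    """
    per_server: Counter = Counter()
    records = skipped = 0
    for line in log.splitlines():
        rec = parse_ipmon_line(line)
        if rec is None:
            skipped += 1            # truncated or foreign line: count, don't guess
            continue
        if rec.blocked and rec.direction == "IN" and classify(rec) == "syn-ack":
            records += 1
            per_server[(rec.src, rec.sport)] += rec.repeat
    return {"records": records, "packets": sum(per_server.values()),
            "per_server": dict(per_server), "unparsed": skipped}


if __name__ == "__main__":
    print(out_of_state_synacks(SAMPLE_LOG))
```

Run as-is it reports four records (five packets once the "2x" suppression count is applied) of server-to-client SYN/ACKs blocked inbound on xl0, split between .56 and .54, and one unparsed (truncated) line. Read this way, the log says the firewall is dropping handshake replies for which it never created state from the client's SYN; simply telling the rule to ignore the flags removes that out-of-state check for everything matching it, so it is worth confirming first why the SYN is not traversing this firewall before loosening the rule.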