Reto,

See this in the manual page: http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html

I had a hard time accepting/believing this, but as for now, all drops I got did not result in any network issues. So it must be true. ;-)

Do you have any issues, or do the drops result in errors on the mailserver and/or in the communication?

Regards,
Jeroen.

On Tue, 26 Sep 2006 10:49:00 +0200, Reto Buerki wrote
> Hi List
>
> I have a problem regarding a mailserver inside my DMZ (sis2). The
> mailserver retrieves the data for user auth over LDAP (secured with
> TLS). I created a rule to allow this specific kind of traffic:
>
> <rule>
> <type>pass</type>
> <interface>opt1</interface>
> <protocol>tcp</protocol>
> <source>
> <address>192.168.X.X</address>
> </source>
> <destination>
> <address>172.24.Y.Y</address>
> <port>389</port>
> </destination>
> <log/>
> <descr>Allow LDAP from mailx to pdc</descr>
> </rule>
>
> Every day I have entries in my log like these:
> 300:1 p sis2 1952 tcp packets from 192.168.X.X to 172.24.Y.Y port 389 (ldap)
> 0:17 b sis2 78 tcp packets from 192.168.0.5 to 172.24.X.X port 389 (ldap)
>
> Why are there some packets blocked? I explicitly allowed this kind of
> packet to pass....
> The detailed packets look like this:
> PASS:
> Sep 26 09:27:35 172.24.Y.Y ipmon[83]: 09:27:35.872910 sis2 @300:1 p 192.168.Y.Y,54979 -> 172.24.X.X,389 PR tcp len 20 60 -S K-S IN
> BLOCK:
> Sep 26 08:50:38 172.24.Y.Y ipmon[83]: 08:50:38.256087 sis2 @0:17 b 192.168.Y.Y,39282 -> 172.24.X.X,389 PR tcp len 20 52 -AR IN
>
> I just want to make sure this behavior is intended and normal before
> this server becomes our production server.
>
> Thanks for your help
>
> Regards
> Reto
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
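As an added example (not from the thread or the m0n0wall project), a small triage script for ipmon lines in the layout Reto quoted: it parses each entry and labels blocked TCP packets, treating a block without SYN whose flow is also passed on the same interface as the late-packet case the FAQ describes (a packet arriving after its state entry is gone), versus a blocked bare SYN, which is a genuine policy denial. The hostnames and addresses in the sample lines are constructed, and the labelling rule is a heuristic assumption, not m0n0wall's own logic.

```python
import re
from collections import namedtuple

# Matches the ipmon(8) line layout quoted in the thread; "K-S" marks keep-state on pass lines.
IPMON_RE = re.compile(
    r"ipmon\[\d+\]: (?P<ts>\S+) (?P<iface>\S+) @(?P<rule>[\d:]+) (?P<act>[pb]) "
    r"(?P<src>[\w.]+),(?P<sport>\d+) -> (?P<dst>[\w.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len \d+ \d+(?: -(?P<flags>[A-Z]+))?(?: K-S)? (?P<dir>IN|OUT)"
)

Entry = namedtuple("Entry", "ts iface rule action src sport dst dport proto flags direction")

def parse_ipmon(line):
    """Parse one ipmon line into an Entry, or return None if it does not match."""
    m = IPMON_RE.search(line)
    if not m:
        return None
    return Entry(m["ts"], m["iface"], m["rule"], m["act"], m["src"], int(m["sport"]),
                 m["dst"], int(m["dport"]), m["proto"], m["flags"] or "", m["dir"])

def triage(lines):
    """Label each blocked TCP entry (heuristic, assumed here):
    'stale-state'   no SYN and the same src->dst:port flow is passed on that interface,
                    i.e. a packet that arrived after its state entry was gone (FAQ case)
    'policy-denied' a bare SYN was blocked, so a new connection was actually refused
    'unmatched'     blocked without SYN and no passed flow to relate it to
    """
    entries = [e for e in map(parse_ipmon, lines) if e]
    passed = {(e.iface, e.src, e.dst, e.dport) for e in entries if e.action == "p"}
    rows = []
    for e in entries:
        if e.action != "b" or e.proto != "tcp":
            continue
        if "S" in e.flags and "A" not in e.flags:
            label = "policy-denied"
        elif (e.iface, e.src, e.dst, e.dport) in passed:
            label = "stale-state"
        else:
            label = "unmatched"
        rows.append((e.ts, e.src, e.sport, e.dst, e.dport, e.flags, label))
    return rows

SAMPLE = [  # constructed lines mirroring the thread; RFC 5737 documentation addresses
    "Sep 26 09:27:35 fw ipmon[83]: 09:27:35.872910 sis2 @300:1 p 192.0.2.10,54979 -> 198.51.100.5,389 PR tcp len 20 60 -S K-S IN",
    "Sep 26 08:50:38 fw ipmon[83]: 08:50:38.256087 sis2 @0:17 b 192.0.2.10,39282 -> 198.51.100.5,389 PR tcp len 20 52 -AR IN",
    "Sep 26 08:51:02 fw ipmon[83]: 08:51:02.000100 sis2 @0:17 b 192.0.2.99,40000 -> 198.51.100.5,25 PR tcp len 20 60 -S IN",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```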