On 11.03.2004 09:21 +0100 gr at redskycom dot net wrote:

> I just reset to factory setting and without putting any rule or
> change the mono started blocking some packets as displays in the
> log: Why????
>
>
> Last 50 firewall log entries
>
> 08:04:56.435774 sis1 @0:13 b 192.168.0.1 -> 192.168.0.5 PR icmp len
> 20 60 icmp echo/0 IN

OK, so sis1 is your WAN interface and 192.168.0.0/24 the WAN subnet. You'll have to disable the "Block private networks" option on the WAN interface setup page. By default RFC 1918 networks are blocked on WAN.

> 08:07:33.554834 sis1 @0:15 b 207.46.106.2,1863 -> 192.168.0.5,19157
> PR tcp len 20 41 -A IN
>
> 08:07:38.477296 sis1 @0:15 b 207.46.106.2,1863 -> 192.168.0.5,19157
> PR tcp len 20 41 -A IN
>
> 08:07:43.509182 sis1 @0:15 b 207.46.106.2,1863 -> 192.168.0.5,19157
> PR tcp len 20 41 -A IN
>
> 08:07:48.541062 sis1 @0:15 b 207.46.106.2,1863 -> 192.168.0.5,19157
> PR tcp len 20 41 -A IN

As for these log entries - since they're not SYN packets, I assume that you rebooted your m0n0wall while some TCP connection was still established between one of your LAN clients and an Internet host, and now that Internet host is trying to send some data to your client but m0n0wall blocks it because there's no corresponding entry in the state table. That's perfectly normal behavior with stateful packet filtering - if you reboot your firewall and therefore lose the contents of the state table, all established connections will be broken. On the other hand, stateful packet filtering is considered to be more secure than stateless filtering.

- Manuel
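Added example, not part of the original message or of m0n0wall: a small Python triage script that parses log lines in the format quoted above and maps each blocked packet to one of the two causes the reply describes (RFC 1918 source arriving inbound, or a non-SYN TCP segment with no state entry). The regular expression is inferred from the quoted lines only, and the function names and result labels are assumptions made for this example.

```python
import ipaddress
import re

# Two of the log lines quoted in the message above, unwrapped.
SAMPLE_LOG = """\
08:04:56.435774 sis1 @0:13 b 192.168.0.1 -> 192.168.0.5 PR icmp len 20 60 icmp echo/0 IN
08:07:33.554834 sis1 @0:15 b 207.46.106.2,1863 -> 192.168.0.5,19157 PR tcp len 20 41 -A IN
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Field layout inferred from the quoted lines (assumption, not a full grammar).
LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<iface>\S+) @(?P<rule>\d+:\d+) (?P<action>\S+) "
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?:,(?P<dport>\d+))? "
    r"PR (?P<proto>\S+) len \d+ \d+ (?P<rest>.*?)\s*(?P<dir>IN|OUT)$"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def explain_block(e):
    """Map a blocked entry to the cause discussed in the reply."""
    if e["action"] != "b":
        return "not-blocked"
    src = ipaddress.ip_address(e["src"])
    if e["dir"] == "IN" and any(src in net for net in RFC1918):
        return "rfc1918-source"      # private source address arriving inbound
    if e["proto"] == "tcp":
        # TCP flags appear as e.g. "-A" or "-S" right after the length fields.
        flags = set(e["rest"].split()[0].lstrip("-")) if e["rest"] else set()
        if "S" in flags and "A" not in flags:
            return "new-connection"  # plain SYN: blocked by the ruleset itself
        return "no-state"            # mid-connection segment without a state entry
    return "other"


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        e = parse_line(line)
        print(e["rule"], e["src"], "->", e["dst"], "=>", explain_block(e))
```

A burst of "no-state" entries for the same address and port pair shortly after a reboot matches the lost-state-table explanation in the reply.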