That sounds like a good idea. However, when I attempt to reach a machine in the DMZ from outside the WAN, the packets are blocked by rule 17. I have a hard time believing that every machine I have, as well as mail servers around the world, don't initiate TCP connections properly. Could my ISP be doing something here?

>From: Manuel Kasper <mk at neon1 dot net>
>To: Kevin Williams <kevin underscore w69 at hotmail dot com>
>CC: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] need to remove bad default rule
>Date: Fri, 07 May 2004 18:23:45 +0200
>
>On 07.05.2004 10:10 -0600, Kevin Williams wrote:
>
> > I've finally discovered the source of my DMZ problem. There is a
> > rule "@17 block in log quick proto tcp from any to any" that comes
> > before all my rules to allow traffic in/out of my DMZ.
>
>That's most likely not the problem, as the rule that precedes it is
>"skip 1 in proto tcp from any to any flags S/FSRA". It is there to
>make sure that all new TCP sessions start with a SYN.
>
>- Manuel
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
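The rule pair quoted in the thread, modelled as an added example that is not part of the original messages or of m0n0wall's own code: it shows which TCP flag combinations the `skip 1 ... flags S/FSRA` rule lets past `@17` and which ones `@17` blocks and logs. The function names and sample packets are constructed for illustration, and only these two rules are modelled (no state table, no later pass rules).

```python
# Added illustration: models only the two ipfilter rules quoted in the thread.
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

def bits(letters):
    """Convert ipfilter flag letters (e.g. 'SA') into a TCP flag bitmask."""
    value = 0
    for ch in letters:
        value |= TCP_FLAGS[ch]
    return value

def flags_match(spec, pkt_flags):
    """True if the packet matches 'flags WANTED/MASK': among the MASK bits,
    exactly the WANTED bits are set. Bits outside MASK are ignored."""
    wanted, sep, mask = spec.partition("/")
    if not sep:
        raise ValueError("this model requires an explicit mask, e.g. S/FSRA")
    return (bits(pkt_flags) & bits(mask)) == bits(wanted)

# (action, skip count, flags spec) in ruleset order
RULES = [
    ("skip", 1, "S/FSRA"),   # skip 1 in proto tcp from any to any flags S/FSRA
    ("block", 0, None),      # @17 block in log quick proto tcp from any to any
]

def evaluate(pkt_flags):
    """Return the outcome of the two-rule pair for a TCP packet's flags."""
    i = 0
    while i < len(RULES):
        action, count, spec = RULES[i]
        if action == "skip" and flags_match(spec, pkt_flags):
            i += 1 + count           # jump over the next `count` rules
            continue
        if action == "block":
            return "blocked by @17"  # 'quick' stops evaluation here
        i += 1
    return "continues to later rules"

if __name__ == "__main__":
    # Constructed sample packets, labelled by their flag letters.
    for flags in ["S", "SP", "SA", "A", "FA", "R", ""]:
        print(f"{flags or '(none)':>6}: {evaluate(flags)}")
```

A log entry from `@17` therefore points at a TCP packet that reached these rules without being a bare SYN, such as a SYN+ACK, a stray ACK, or a FIN or RST.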