 From:  "Kevin Williams" <kevin underscore w69 at hotmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] need to remove bad default rule
 Date:  Fri, 07 May 2004 10:30:03 -0600
That sounds like a good idea. However, when I attempt to reach a machine in 
the DMZ from outside the WAN, the packets are blocked by rule 17. I have a 
hard time believing that every machine I have, as well as mail servers 
around the world, don't initiate TCP connections properly. Could my ISP be 
doing something here?


>From: Manuel Kasper <mk at neon1 dot net>
>To: Kevin Williams <kevin underscore w69 at hotmail dot com>
>CC: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] need to remove bad default rule
>Date: Fri, 07 May 2004 18:23:45 +0200
>
>On 07.05.2004 10:10 -0600, Kevin Williams wrote:
>
> > I've finally discovered the source of my DMZ problem. There is a
> > rule "@17  block in log quick proto tcp from any to any" that comes
> > before all my rules to allow traffic in/out of my DMZ.
>
>That's most likely not the problem, as the rule that precedes it is
>"skip 1 in proto tcp from any to any flags S/FSRA". It is there to
>make sure that all new TCP sessions start with a SYN.
>
>- Manuel
>
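The rule pair discussed in this thread, modelled as an added example (not part of either message and not m0n0wall's own code): it evaluates IPFilter's `flags S/FSRA` test and the `skip 1` / `block ... quick` sequence for a few constructed packets. The names `evaluate` and `has_state` are hypothetical, and the later DMZ rules are represented only as "user rules decide".

```python
from functools import reduce

# TCP header flag bits, keyed by the letters IPFilter uses in "flags" expressions.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}


def bits(letters):
    """Convert flag letters such as 'SA' to a bitmask."""
    return reduce(lambda acc, c: acc | FLAG_BITS[c], letters, 0)


def parse_flags(spec):
    """Split 'S/FSRA' into (value, mask): flags that must be set, out of those compared."""
    value, sep, mask = spec.partition("/")
    if not sep:
        raise ValueError("this model requires an explicit mask, e.g. S/FSRA")
    return bits(value), bits(mask)


def flags_match(spec, packet_flags):
    """True when, among the masked flags, exactly the 'value' flags are set."""
    value, mask = parse_flags(spec)
    return (bits(packet_flags) & mask) == value


def evaluate(packet_flags, has_state=False):
    """Fate of an inbound TCP packet under the two rules quoted in the thread."""
    if has_state:
        # Model assumption: a packet matching an existing state entry is
        # accepted before the rule list is consulted.
        return "passed by state table"
    if flags_match("S/FSRA", packet_flags):
        # "skip 1 in proto tcp ... flags S/FSRA" jumps over rule 17.
        return "rule 17 skipped, user rules decide"
    # "@17 block in log quick proto tcp from any to any" ends evaluation.
    return "blocked by rule 17"


# Constructed sample packets: (flags set, matches an existing state entry)
SAMPLES = [("S", False), ("SP", False), ("SA", False),
           ("A", False), ("A", True), ("R", False), ("", False)]

if __name__ == "__main__":
    for flags, state in SAMPLES:
        print(f"flags={flags or '-':<3} state={state!s:<5} -> {evaluate(flags, state)}")
```

In this model only a bare SYN (PSH and URG are outside the mask) reaches the later rules; any other TCP packet without a state entry is logged and dropped by rule 17.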