 
 From:  Jeffrey Goldberg <jeffrey at goldmark dot org>
 To:  Monowall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Odd NAT blocking
 Date:  Tue, 5 Oct 2004 12:07:56 -0700
This question might reflect my misunderstanding of how NAT works.  
(Well, considering that I think it works by magic, I suppose that it 
is inevitable that I misunderstand.)

I am getting some outgoing packets occasionally blocked that should be 
allowed through.  Here is an example log entry (line broken for 
readability):

ipmon[75]: 11:07:08.443851 sis0 @0:15 b
   192.168.1.51,63864 -> 66.111.4.160,993 PR tcp len 20 101 -AFP IN

I am not having any user-experienced difficulties with reaching port 
993 on that remote host from inside my LAN at 192.168.1.51.  It seems 
that only the occasional packet is blocked.

I haven't been able to check systematically (syslogd on OS X sucks), 
but my impression is that this is only happening with IMAP and IMAPs.

The only outgoing rules I have are to block ports 137-139.

Any insight into this would be welcome.  Also I'd like to get 
recommendations for good books on packet filtering firewalls including 
NAT.

Cheers,

-j

-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/
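
Added example, not part of the original message: a small parser for ipmon entries in the layout quoted above, which tallies blocked TCP packets by destination port and flag set so the "only IMAP and IMAPs" impression can be checked against a whole log. The function names are hypothetical and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout seen in the message: time, interface, @group:rule, action,
# src,port -> dst,port, PR proto, len <IP header len> <total len>, -<TCP flags>, direction
IPMON_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>\S+)\s+(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+-(?P<flags>[A-Z]+))?(?:\s+(?P<dir>IN|OUT))?"
)
FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "P": "PSH", "R": "RST", "U": "URG"}

def parse_ipmon(line):
    """Return the fields of one ipmon entry as a dict, or None if the line is not one."""
    m = IPMON_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("group", "rule", "sport", "dport", "hlen", "plen"):
        rec[key] = int(rec[key])
    rec["flags"] = [FLAG_NAMES.get(c, c) for c in (rec["flags"] or "")]
    return rec

def summarize_blocked(lines):
    """Count blocked TCP packets by (destination port, flag set, connection phase)."""
    counts = Counter()
    for line in lines:
        rec = parse_ipmon(line)
        if rec is None or rec["action"] != "b" or rec["proto"] != "tcp":
            continue
        # A SYN without ACK opens a connection; anything else is part of an existing one.
        opening = "SYN" in rec["flags"] and "ACK" not in rec["flags"]
        phase = "new" if opening else "mid-stream"
        counts[(rec["dport"], "+".join(rec["flags"]), phase)] += 1
    return counts

# First line is the entry from the message, rejoined; the rest are constructed samples.
SAMPLE_LOG = [
    "ipmon[75]: 11:07:08.443851 sis0 @0:15 b 192.168.1.51,63864 -> 66.111.4.160,993 PR tcp len 20 101 -AFP IN",
    "ipmon[75]: 11:08:15.002110 sis0 @0:1 b 192.168.1.51,137 -> 192.168.1.255,137 PR udp len 20 78 IN",
    "ipmon[75]: 11:09:41.120044 sis0 @0:15 b 192.168.1.51,63870 -> 192.0.2.10,143 PR tcp len 20 40 -AF IN",
    "ipmon[75]: 11:10:02.000311 sis0 @0:3 p 192.168.1.51,63901 -> 192.0.2.10,993 PR tcp len 20 64 -S IN",
    "ipmon[75]: 11:12:30.775002 sis0 @0:15 b 192.168.1.51,63864 -> 66.111.4.160,993 PR tcp len 20 101 -AFP IN",
]

if __name__ == "__main__":
    for key, n in summarize_blocked(SAMPLE_LOG).most_common():
        print(n, key)
```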