FireHOL

Hi,

I have snmp servers running on machines A and B.

When I start firehol on the machine B, snmp requests from B to A fail
with a timeout.
When firehol is stopped, it works fine.

I can see such a log on the machine B:

Aug 18 08:33:24 sd-18517 kernel: [4671769.087536] ''IN-inet':'IN=eth0
OUT= MAC=00:15:17:9c:be:a8:00:24:97:da:5f:bf:08:00 SRC=IP_A DST=IP_B
LEN=128 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=161 DPT=40361
LEN=108

In the firehol configuration, I have written "server snmp accept".
And anyway this is about outgoing requests, and I have "client accept all"
so I don't understand what is the problem.

It looks like it has problems to recognize that the reply is related to
the outgoing query.

Below is my firehol.conf file.

The machine B is running debian lenny, Kernel is 2.6.26, X86 / 64bits.
Nothing else installed related to network filtering.

Thanks for any hint,

Alain



version 5

home_ips="88.191.109.18 88.191.111.18"

interface eth+ inet

server snmp accept

server http accept
server https accept
server ftp accept
server dns accept
server rndc accept
server smtp accept
server pop3 accept
server ssh accept
server ping accept

server netbios_ns drop
server netbios_dgm drop
server dhcp drop

server ident reject with tcp-reset # be nice and don't let other hosts wait
for the timeout

client all accept