Re: [Fwbuilder-discussion] Problems with rules
From: susemail <sus...@vi...> - 2003-06-18 00:23:20
Now I am accepting both... but still I get this on the log:

Jun 17 19:21:55 interno kernel: RULE 6 -- DENYIN=ppp0 OUT= MAC= SRC=200.95.38.212 DST=200.67.176.23 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=17655 DF PROTO=TCP SPT=3339 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0

which by the way I see that the one that is denying is protocol of TCP

any thoughts?

Fried Melgar, Gustavo wrote:

> In your rule 00, are you accepting http/tcp and http/udp services?
>
> -----Original Message-----
> From: susemail [mailto:sus...@vi...]
> Sent: Tue 6/17/2003 3:00 PM
> To: fwb...@li...
> Cc:
> Subject: [Fwbuilder-discussion] Problems with rules
>
> hello everyone, I am a bit new to fwbuilder, and as I couldn't find why my
> rules are not working as I want them to...
> The rules I have in Policy are:
>
> Num:SOURCE      :Destination:Service:Action :time
> 00 :any         :HostA      :http   :accept :any
> 01 :any         :firewall   :ssh    :accept :any
> 02 :firewall    :any        :dns    :accept :any
> 03 :internal-net:firewall   :dns    :accept :any
> 04 :internal-net:any        :any    :accept :any
> 05 :any         :any        :any    :deny   :any
>
> In adsl interface of the firewall I have
> Num:SOURCE      :Destination:Service:Action :direction
> 00 :any         :firewall   :http   :accept :BOTH
> 01 :firewall    :           :       :       :
>    :internal-net:any        :any    :deny   :Inbound
>
> In my Nat I have:
>
> Num:Orig SRC    :Orig DST:Orig SRV:Trans SRC:Trans DST:Trans SRV
> 00 :any         :firewall:http    :Original :HostA    :Original
> 01 :internal-net:any     :any     :adsl     :Original :Original
>
> My Firewall object has
> adsl -> it is ppp0 interface with the public dynamic IP address
> external -> is eth1 which connects to the ADSL modem via ethernet
> internal -> is eth0 which connects to my internal network
> lo -> local interface 127.0.0.1
>
> The problem here is that when I try to access port 80, of the IP address I am
> supposedly NATing to HostA, I get that it denies it because of Rule 5 of the
> global. Of course if I set to allow Rule 5 instead of deny, it does the
> NATing...
>
> Any help will be appreciated.
>
> Thanks in advance.
> --
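
An added example, not part of the original thread or of fwbuilder: a small Python parser for the kernel log line quoted in the message above, which splits it into fields and classifies the packet by whether input and output interfaces were known when it was logged. The second sample line, the address 192.0.2.10, and the function names are constructed for illustration.

```python
import re

# Log line copied from the post above; its prefix is fused with IN= there.
SAMPLE = ("Jun 17 19:21:55 interno kernel: RULE 6 -- DENYIN=ppp0 OUT= MAC= "
          "SRC=200.95.38.212 DST=200.67.176.23 LEN=48 TOS=0x00 PREC=0x00 "
          "TTL=123 ID=17655 DF PROTO=TCP SPT=3339 DPT=80 WINDOW=16384 "
          "RES=0x00 SYN URGP=0")
# Constructed line (192.0.2.10 is a placeholder, not HostA's real address).
FORWARDED = ("kernel: RULE 0 -- ACCEPT IN=ppp0 OUT=eth0 SRC=200.95.38.212 "
             "DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3339 DPT=80 SYN URGP=0")

PREFIX = re.compile(r"RULE (\d+) -- ([A-Z]+?)\s*(?=IN=)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse(line):
    """Split a 'RULE n -- ACTION' netfilter LOG line into a dict."""
    m = PREFIX.search(line)
    if not m:
        raise ValueError("no 'RULE n -- ACTION' prefix before IN=")
    rec = {"rule": int(m.group(1)), "action": m.group(2), "flags": []}
    for tok in line[m.end():].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value            # empty value, e.g. OUT=, is kept
        elif tok in TCP_FLAGS:
            rec["flags"].append(tok)
    return rec

def path(rec):
    """Classify by which interfaces were known when the packet was logged."""
    has_in, has_out = bool(rec.get("IN")), bool(rec.get("OUT"))
    if has_in and has_out:
        return "forwarded"              # being routed through the box
    if has_in:
        return "local-in"               # no output interface (e.g. INPUT chain)
    return "local-out" if has_out else "unknown"

def summary(line):
    r = parse(line)
    new = "new connection" if r["flags"] == ["SYN"] else "other"
    return (f"rule {r['rule']} {r['action']}: {r['PROTO']} "
            f"{r['SRC']}:{r['SPT']} -> {r['DST']}:{r['DPT']} "
            f"[{path(r)}, {new}]")

if __name__ == "__main__":
    for sample in (SAMPLE, FORWARDED):
        print(summary(sample))
```

For the line from the post, this reports a new TCP connection to 200.67.176.23:80 that was logged with an input interface and no output interface.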