Good point Stijn, I am sorry to post without subject and such,
it must be the early morning.
The relevant entries in my rules file:
ACCEPT net fw tcp 25
ACCEPT net fw tcp 80
ACCEPT net fw tcp 22
ACCEPT net fw tcp 21
ACCEPT net fw udp 21
REJECT loc net tcp 25
DNAT net loc:10.10.10.254 tcp 21
DNAT net loc:10.10.10.254 udp 21
#10.10.10.254 being the back firewall
Policy file, complete:
loc net ACCEPT
#like playing russian roulette
loc fw ACCEPT
fw loc ACCEPT
fw net ACCEPT
#i'm allowing traffic by rules
net dmz DROP info
dmz net ACCEPT
#i don't know if I need this, the dmz zone has two public address
#proxy-arped hosts
fw dmz ACCEPT
dmz fw ACCEPT
net net DROP info
net all DROP info
#
# THE FOLLOWING POLICY MUST BE LAST
#
all all REJECT info
Hope this helps.
---
Ligiu Uiorean
departament IT - SANEX SA
ligiu.uiorean@ro.lasselsberger.com
tel. +40-740-116.117
-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net
[mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Stijn Jonker
Sent: Friday, October 08, 2004 9:00 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] (no subject)
Hello Ligiu,
First of all, my knowledge of ISA is very limited, so I don't know what
it's referring to with those alerts..
Ligiu A. Uiorean said the following on 08-Oct-04 7:50:
> With shorewall acting as a front firewall and M$ ISA Server 2004 acting
> as a back firewall. I turned all 'intrusion alerts'
>
> On at the ISA server expecting not to get any since shorewall should
> block everything.
> Now to the problem:
> I am getting quite a few alerts on the ISA server, regarding possible
> intrusion alerts mainly port scan attempts and half scan attempts (as
> ISA names them) by public IP addresses.
>
> Any idea how this could happen? How can packets get thru shorewall?
Probably because you allowed them.... OR because the radiation being
transmitted by the sun is so intense that shorewall can't filter
correctly.
But now honestly, you don't mention anything in regards to your
configuration, rules etc. How are we supposed to help you?
Please see the url below on how to provide info so ppl can help you.
http://www.shorewall.net/support.htm
--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker <SJCJonker@sjc.nl>
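
Added example, not part of either message and not Shorewall code: a simplified Python model that evaluates the rules and policy entries posted above to list which net-originated traffic is admitted toward the fw and loc zones. It assumes a matching rule takes precedence over any policy and that the first matching policy line applies; the function names are hypothetical.

```python
# Constructed from the rules and policy entries quoted in the thread above.
RULES = """\
ACCEPT net fw tcp 25
ACCEPT net fw tcp 80
ACCEPT net fw tcp 22
ACCEPT net fw tcp 21
ACCEPT net fw udp 21
REJECT loc net tcp 25
DNAT net loc:10.10.10.254 tcp 21
DNAT net loc:10.10.10.254 udp 21
"""
POLICY = """\
loc net ACCEPT
loc fw ACCEPT
fw loc ACCEPT
fw net ACCEPT
net dmz DROP info
dmz net ACCEPT
fw dmz ACCEPT
dmz fw ACCEPT
net net DROP info
net all DROP info
all all REJECT info
"""

def parse(text, width):
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [tuple(r[:width]) for r in rows if r]

def verdict(src, dst, proto, port):
    """Simplified model: a matching rule wins, otherwise the first matching policy."""
    for action, rsrc, rdst, rproto, rport in parse(RULES, 5):
        zone, _, host = rdst.partition(":")
        if (rsrc, zone, rproto, rport) == (src, dst, proto, str(port)):
            return action, host or None
    for psrc, pdst, pol in parse(POLICY, 3):
        if psrc in (src, "all") and pdst in (dst, "all"):
            return pol, None
    return "REJECT", None  # assumption: only reached if no catch-all policy exists

def exposed(src, dst):
    """Every proto/port named in RULES that is admitted from src into dst."""
    ports = sorted({(r[3], int(r[4])) for r in parse(RULES, 5)})
    hits = []
    for proto, port in ports:
        action, host = verdict(src, dst, proto, port)
        if action in ("ACCEPT", "DNAT"):
            hits.append((proto, port, action, host))
    return hits
```

In this model, exposed("net", "loc") returns only the two DNAT entries for port 21 toward 10.10.10.254, and every other net-to-loc packet falls through to the "net all DROP info" policy.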