Hi,
Can anybody tell me what I'm doing wrong, or is it a fact that the stateful inspection is not working properly?
The problem: I always have to create two rules to get a connection working. For example, I want to set up an allow rule from eth4 (outside) any to eth3 (dmz) 172.16.30.22 port 25. To get this active I need to make the following two(!) rules:
ETH04 ETH03 ACCEPT tcp opt -- in ETH04 out ETH03 0.0.0.0/0 -> 172.16.30.22 state NEW,ESTABLISHED tcp dpt:25
ETH03 ETH04 ACCEPT tcp opt -- in ETH03 out ETH04 172.16.30.22 -> 0.0.0.0/0 state NEW,ESTABLISHED tcp spt:25
Where I would expect that one rule would be enough as long as you select the New and Established connection options.
Can anyone explain this to me?
Ferry.