Stateful Inspection not working properly?


This topic contains 2 replies, has 0 voices, and was last updated by gr0bbeb0l 11 years, 1 month ago.

Viewing 4 posts - 1 through 4 (of 4 total)
    #40856

    gr0bbeb0l
    Member

    Hi,

    Can anybody tell me what I'm doing wrong, or is it a fact that the stateful inspection is not working properly?

    The problem: I always have to create two rules to get a connection working. For example, I want to set up an allow rule from eth4 (outside) any to eth3 (dmz) 172.16.30.22 port 25. To get this active I need to make the following two (!) rules:

    ETH04 ETH03 ACCEPT tcp opt — in ETH04 out ETH03 0.0.0.0/0 -> 172.16.30.22 state NEW,ESTABLISHED tcp dpt:25

    ETH03 ETH04 ACCEPT tcp opt — in ETH03 out ETH04 172.16.30.22 -> 0.0.0.0/0 state NEW,ESTABLISHED tcp spt:25

    Whereas I would expect one rule to be enough as long as you select the New and Established connection options.

    Can anyone explain this to me?

    Ferry.

    #46076

    gr0bbeb0l
    Member

    38 views and everybody thinks this is normal? … I doubt that … 😆

    AFAIK this is not normal for a firewall that supports stateful inspection. 🙄

    If you have the same, please tell me so I know I'm not alone in this… if you are not having these “problems”, please let me know too.

    Ferry

    #46077

    szhukov
    Member

    IMHO, everything is OK. Two rules are required.
    The rules describe packets for DIFFERENT interfaces.
    This stateful inspection does NOT have to know about reverse traffic.
    The first rule allows traffic from the eth04 to the eth03 interface WITH A DEFINED STATE (new or established), but traffic from eth03 to eth04 is not defined at all. Maybe there are no reverse packets to the initiating port on eth04, but there is traffic to a new port – aka RELATED. Stateful inspection works only with such state definitions.
    Are you an xKerio user? It's true, many MS Windows firewalls do that – only one direction of traffic must be defined, but there are TWO hidden rules inside.

    Sorry for my English, I hope the main point of my post is clear 😳

    #46078

    gr0bbeb0l
    Member

    OK, thanks for your reply.

    Your post is clear to me.

    I thought that if I – for example – define a rule from eth04 (outside) to eth03 (dmz) to allow RDP (3389) to a host, the firewall inspects the session and, if it is established, allows the way back automatically. It is after all established, but in this case I have to define the way back myself with a second rule.

    Ferry.

    PS: “No, I'm not an xKerio user, in fact… I don't even know what that is … 😆”
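To make the distinction in this thread concrete, here is a small Python model of how netfilter's connection tracking classifies packets in the FORWARD chain, and why stock iptables normally needs no hand-written reverse rule: a single interface-agnostic `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule catches every reply, so per-service rules only have to allow NEW. This is an added example, not ZeroShell code or anything posted in the thread; the interfaces and DMZ host follow Ferry's post, while the outside client 203.0.113.10:51000 is constructed, and the RELATED and INVALID states are not modelled.

```python
"""
Model of netfilter stateful inspection (conntrack) in the FORWARD chain.

Constructed example for this thread, not ZeroShell code.  Interfaces and
the DMZ host follow the posts (eth4 = outside, eth3 = DMZ,
172.16.30.22:25); the outside client 203.0.113.10:51000 is made up.
Only NEW and ESTABLISHED are modelled; RELATED and INVALID are left out.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class ConnTracker:
    """Connection table keyed on the 5-tuple of the first accepted packet.

    A packet whose own tuple, or whose mirror-image tuple, is already in
    the table is ESTABLISHED; anything else is NEW.  This is what lets a
    reply on the opposite interface pair be recognised without its own rule.
    """

    def __init__(self) -> None:
        self._table: set = set()

    @staticmethod
    def _tuple(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    def state(self, p: Packet) -> str:
        fwd = self._tuple(p)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "ESTABLISHED" if fwd in self._table or rev in self._table else "NEW"

    def confirm(self, p: Packet) -> None:
        # netfilter confirms the entry only after the filter accepts the packet
        self._table.add(self._tuple(p))


@dataclass(frozen=True)
class Rule:
    """One FORWARD rule; None means 'any', like an unspecified -i/-o/-d/--dport."""
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    states: frozenset = frozenset()      # empty = no -m state match at all
    target: str = "ACCEPT"

    def matches(self, p: Packet, state: str) -> bool:
        return ((self.in_if is None or self.in_if == p.in_if)
                and (self.out_if is None or self.out_if == p.out_if)
                and (self.dst is None or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport)
                and (not self.states or state in self.states))


def forward(rules, tracker: ConnTracker, p: Packet, policy: str = "DROP"):
    """Walk the chain first-match-wins; return (verdict, conntrack state)."""
    state = tracker.state(p)
    verdict = next((r.target for r in rules if r.matches(p, state)), policy)
    if verdict == "ACCEPT" and state == "NEW":
        tracker.confirm(p)
    return verdict, state


# Ferry's first rule on its own: states NEW,ESTABLISHED, but pinned to
# in eth4 / out eth3, so it can never match the SYN/ACK coming back.
THREAD_RULE_ONLY = [
    Rule(in_if="eth4", out_if="eth3", dst="172.16.30.22", dport=25,
         states=frozenset({"NEW", "ESTABLISHED"})),
]

# Stock-iptables layout, equivalent to
#   iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#   iptables -A FORWARD -i eth4 -o eth3 -d 172.16.30.22 -p tcp --dport 25 \
#            -m state --state NEW -j ACCEPT
# The first rule names no interfaces, so it covers replies for every service.
CONNTRACK_RULES = [
    Rule(states=frozenset({"ESTABLISHED", "RELATED"})),
    Rule(in_if="eth4", out_if="eth3", dst="172.16.30.22", dport=25,
         states=frozenset({"NEW"})),
]


def smtp_handshake(rules):
    """Push an inbound SYN and the server's SYN/ACK through the chain."""
    tracker = ConnTracker()
    syn = Packet("eth4", "eth3", "203.0.113.10", 51000, "172.16.30.22", 25)
    synack = Packet("eth3", "eth4", "172.16.30.22", 25, "203.0.113.10", 51000)
    return forward(rules, tracker, syn), forward(rules, tracker, synack)


if __name__ == "__main__":
    for name, rules in (("thread rule only", THREAD_RULE_ONLY),
                        ("conntrack layout", CONNTRACK_RULES)):
        (v1, s1), (v2, s2) = smtp_handshake(rules)
        print(f"{name}: SYN {v1} ({s1}), SYN/ACK {v2} ({s2})")
```

With only the interface-pinned rule, the SYN/ACK is correctly classified as ESTABLISHED by the tracker but still hits the DROP policy, because no rule in the chain matches `in eth3 / out eth4`. That is exactly the symptom in the thread: the state match is working, but each rule is still scoped to one direction. Whether a GUI that pins every rule to an interface pair should emit the generic reply rule for you, as szhukov says some Windows firewalls do, is a product design choice, not a property of stateful inspection itself.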
