Thanks. Tried it and still unable to get pass the firewall. According to the logs, the packets arrive on the internal interface but I do not see it going out the external interface.
Any suggestions will be appreciated.
Thanks
-----Original Message-----
From: <Aaron Reynolds> [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 21, 2002 2:55 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] TCP RCP from Firewall
There is a rule for this. It is an implied rule that allows traffic to
originate from the firewall. Check your policy properties for this. What
version are you running?
-Aaron
-----Original Message-----
From: Crist Clark [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 18, 2002 6:03 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] TCP RCP from Firewall
My firewall seems to be generating TCP RPC traffic all on its own. It's
pretty strange. I've done some snoops on the traffic to get a packet
capture. When the connection is successful the firewall does a dump of
the RPC services on the remote machine (like an 'rpcinfo -p <host>' does).
It's freaking me out a bit. The firewall itself is the _source_ of the
connection attempts. There are no rules allowing this traffic. There are
no entries in the logs of the connection attempts. In fact, the connections
should be blocked. If I do an 'rpcinfo -p <host>' on the firewall to one of
the machines the firewall is _successfully_ connecting to on its own, the
attempt is dropped and logged. All the more reason to believe it is the
Check Point software itself doing this and ignoring its own policy. The
connections the firewall tries seem to correlate to other machines trying
to reach the same hosts. It seems like some host A tries to, say, connect
to host B on SMTP (25/tcp), but this is not allowed by policy. The firewall
itself makes a connection attempt to host B on 111/tcp before logging the
deny for 25/tcp. The 111/tcp is not logged.
I'm guessing this has something to do with enabling TCP RPC services.
However, no where have I seen documentation mentioning that the firewall
is going to be running around doing RPC dumps on machines everytime
someone wants to make any TCP connections. Does anyone have more info
on this or seen this before?
--
Crist J. Clark [EMAIL PROTECTED]
Globalstar Communications (408) 933-4387
The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this e-mail in error, please contact [EMAIL PROTECTED]
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
