Greetings gurus.
I have now discovered something else in connection with a problem I was
having. Yesterday I realised that some machine from our ISP [machine A] was
sending us packets that were getting dropped by the firewall originating from
port 80 and going to ports ranging from 34000 to 37xxx. At first I thought
it was a port scan being done on the firewall. Then I thought it was
time-out backward connections being blocked so I increased the UDP time out.
The packets were going to our mail server and direct to the firewall.
Now the mail server has both a legal and illegal address [using static
source/dest NAT]. After digging through the log files some more, I realised
that our mail server was doing DNS queries to machine B. The secondary DNS
server for our mail server is machine B.
Turns out that our ISP has a DNS server cluster. Machine B being the
virtual/primary [whatever] address for the DNS cluster. Now what happens is
that when our mail server does a DNS query to machine B, machine A answers
the query and because machine A does not have a valid connection in the
state table, the packets are being dropped.
Now, how do I get around this problem? Is it possible to fix this?
__________________________________________________________
Langa Kentane | TEL: (011) 290 3218
Security Administrator | Cell: 082 606 1515
DISCOVERY HEALTH | http://www.discoveryhealth.co.za
__________________________________________________________________
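Added illustration, not part of the post above or of any vendor code: a minimal stateful UDP table that reproduces the described drop (query sent to machine B, answer arriving from machine A) and a check that picks out such "reply from a different source" cases among dropped packets. The addresses and ports are constructed placeholders.

```python
"""Stateful UDP tracking versus a DNS cluster that answers from another member.

Constructed example; the IP addresses below are placeholders, not the ISP's.
"""
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

MAIL = "10.0.0.25"      # constructed: mail server (internal address)
DNS_B = "192.0.2.53"    # constructed: cluster/virtual address the query is sent to
DNS_A = "192.0.2.54"    # constructed: cluster member that actually answers


class UdpStateTable:
    """Records outbound UDP flows; an inbound packet passes only if it matches
    the exact reverse 4-tuple of a recorded flow, as a stateful firewall does."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt):
        # The reply must come FROM the host the query was sent TO.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def find_asymmetric_replies(table, dropped):
    """For each dropped inbound packet, report flows that match on everything
    except the source address: the symptom of a cluster answering from another
    member. Returns (answering host, queried host) pairs."""
    hits = []
    for pkt in dropped:
        for (src, sport, dst, dport) in table.flows:
            if (src, sport, dport) == (pkt.dst, pkt.dport, pkt.sport) and dst != pkt.src:
                hits.append((pkt.src, dst))
    return hits


def demo():
    table = UdpStateTable()
    query = Pkt(MAIL, 34567, DNS_B, 53)     # mail server asks machine B
    reply = Pkt(DNS_A, 53, MAIL, 34567)     # machine A answers instead
    table.outbound(query)
    accepted = table.inbound(reply)
    dropped = [] if accepted else [reply]
    return accepted, find_asymmetric_replies(table, dropped)
```

Running `demo()` shows the reply rejected and the (A, B) pair flagged, which is the pattern to look for in the firewall log before deciding how to handle traffic from the cluster members.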