Please can somebody help identify why we see the following log message:

---------------
Sep 11 22:27:38 pri=4 flt_type=default msg="Rejecting invalid packet" proto=80/tcp src=AAA.241.185.227 srcport=1139 dst=BBB.89.164.53 dstport=80 interface=fxp3 flags=0x4
---------------

This configuration is part of a larger set-up and I have tried to omit the irrelevant details for simplicity.

The firewall is an HA pair of GB-1000 version 3.4.0.

The source address is a Win 2k client on a dynamic IP address, using IE6.

The destination is the external interface of the HA pair, and there is an inbound tunnel to a web server on the protected interface. The tunnel has "hide source address" set so the internal webserver sees the requests as coming from the protected interface on the firewall.

The "invalid packets" are therefore arriving on the external interface, and are destined for the protected web server.

The client does not appear to have problems seeing the webserver - these messages therefore do not occur for every packet. So the question is: why are only some of the packets perceived as invalid?

If we remove the "hide source address" setting from the inbound tunnel (so that the server sees packets coming from AAA.241.185.227) these error messages reduce very substantially - but they don't disappear entirely.

My conclusion is that there is nothing wrong with the packets arriving at the external interface, but the firewall falsely recognises some as invalid when it translates them to achieve "hide source address" for the transfer to the protected network.

Any ideas?

Regards,
--
Graham Jones
[EMAIL PROTECTED]
01953 717605 or 077 74 894200
www.linnetsol.co.uk
