Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-03-01 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > Charles Steinkuehler wrote: > > > [ snip ] > > > I'm confused. I don't think the firewall rules on the .65 machine can be > > your problem, since you're seeing the request packets go out, and even if > > the replies were being dropped, tcpdump would see them at

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-03-01 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > Did you see this, yesterday? > > Yeah...got distracted while analyzing & it got dropped... OK, sorry for my impatience . . . > > > The final problem is the fact that you can't do an snmpwalk from the > > > firewall to the DMZ. Apparently, the SNMP query pack

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-03-01 Thread Charles Steinkuehler
> Did you see this, yesterday? Yeah...got distracted while analyzing & it got dropped... > > The final problem is the fact that you can't do an snmpwalk from the > > firewall to the DMZ. Apparently, the SNMP query packets are transmitted, > > but no response is received. I still don't understa

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-28 Thread Michael D. Schleif
Charles Steinkuehler wrote: > [ snip ] > > If you want to open UDP services to the outside world, an ALLOW rule for the > response packets needs to be generated, so the packets don't hit the "catch > all" UDP masquerade rule at the end of the DMZ rules in the forward chain > (which allows DMZ

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-28 Thread Charles Steinkuehler
> I am sorry; but, I thought that I differentiated each of my examples. > Is there a way to get tcpdump to listen to more than one (1) interface at > a time? -i any does *not* work . . . Run multiple instances of tcpdump, with each instance writing to a different output log file... > This is the

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-27 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > I was not certain what it is that you want to see -- see below. > > > > tcpdump output, run on the local DCD : > > OK, this helps, but I'm still not sure what I'm looking at. Which interface > did you run the tcpdump on? I'm guessing from the packet traffic w

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-27 Thread Charles Steinkuehler
> I was not certain what it is that you want to see -- see below. > > tcpdump output, run on the local DCD : OK, this helps, but I'm still not sure what I'm looking at. Which interface did you run the tcpdump on? I'm guessing from the packet traffic we're looking at the upstream interface, and

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-27 Thread Charles Steinkuehler
> We have a DCD setup, including a proxy dmz. > > SNMP queries work everywhere, excepting systems residing on that dmz. > Let me clarify that: snmp queries respond properly from clients inside > the private network; but, *not* from the DCD firewall nor internet > hosts. > > Running iptraf on the f

Re: [Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-27 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > We have a DCD setup, including a proxy dmz. > > > > SNMP queries work everywhere, excepting systems residing on that dmz. > > Let me clarify that: snmp queries respond properly from clients inside > > the private network; but, *not* from the DCD firewall nor int

[Leaf-user] DCD, proxy dmz, snmp & icmp ???

2002-02-27 Thread Michael D. Schleif
We have a DCD setup, including a proxy dmz. SNMP queries work everywhere, excepting systems residing on that dmz. Let me clarify that: snmp queries respond properly from clients inside the private network; but, *not* from the DCD firewall nor internet hosts. Running iptraf on the firewall, we