
Re: problem with port 443 traffic



port 443 (ms sql server traffic) is being blocked because you don't have a
rule to pass it in
your ruleset allows only smtp, ssh, and https to come in, everything else
is being blocked
is that the only "problem" you are having? or is the email not functioning
properly either?
scott
On Tue, 18 Mar 2003, Sid Keller wrote:
> I'm having some problems with my rulesets for an email server.  The server
> is not behind a firewall but I have pf enabled on the server.  Here is
> my ruleset.
>
> ###############################################################################
> #----------------------------------------------------------
> # Variable Section
> #----------------------------------------------------------
> int_if="fxp0"
> nonroute="{ 192.168.1.0/24, 172.16.0.0/12, 127.0.0.0/8, 10.0.0.0/8, 0.0.0.0/8 }"
> approved_mgmt_net="{ x.x.x.x }"
> server_ip="{ x.x.x.x }"
> #************************************************************************
> #************************************************************************
> #        Firewall Rulebase Begin
> #************************************************************************
> #************************************************************************
> #
> #----------------------------------------------------------
> #        Packet Normalization (deny fragmented packets)
> #----------------------------------------------------------
> scrub in all
> #----------------------------------------------------------
> #        Default Deny
> #----------------------------------------------------------
> block in log all
> #----------------------------------------------------------
> #        Allow Loopback Packets
> #----------------------------------------------------------
> pass in  quick on lo0 all
> pass out quick on lo0 all
> #----------------------------------------------------------
> #        Drop Spoofed Packets
> #----------------------------------------------------------
> block in  log quick on $int_if from $nonroute to any
> block out log quick on $int_if from any to $nonroute
> #----------------------------------------------------------
> #        Drop wrong TCP Flags
> #----------------------------------------------------------
> block in quick on $int_if inet proto tcp from any to any flags FUP/FUP
> #----------------------------------------------------------
> #        Firewall RULES
> #----------------------------------------------------------
> pass in  quick on $int_if inet proto tcp from $approved_mgmt_net to $server_ip port ssh
> pass in  quick on $int_if inet proto tcp from any to $server_ip port https flags S/SA modulate state
> pass in  quick on $int_if inet proto tcp from any to $server_ip port { smtp } flags S/SA modulate state
> #----------------------------------------------------------
> #        Allow Return Traffic and Connection From Firewall
> #----------------------------------------------------------
> pass out on $int_if inet proto { tcp, udp, icmp } all keep state
>
> Here is a snippet from my pflog file using tcpdump -n -e -ttt.
>
> Mar 07 10:58:10.177507 rule 1/0(match): block in on fxp0: user.ip.address.1501 > my.ip.address.443: F 71818460:71818460(0) ack 3194040235 win 5549 (DF)
> Mar 07 10:58:10.183314 rule 1/0(match): block in on fxp0: user.ip.address.1502 > my.ip.address.443: F 71819657:71819657(0) ack 963312026 win 5549 (DF)
> Mar 07 11:52:59.986506 rule 1/0(match): block in on fxp0: user.ip.address.1586 > my.ip.address.443: R 75169994:75169994(0) win 0 (DF)
> Mar 07 11:52:59.990614 rule 1/0(match): block in on fxp0: user.ip.address.1585 > my.ip.address.443: R 75170656:75170656(0) win 0 (DF)
>
> I'm curious as to why the above traffic is being blocked on port 443.
>
> Thanks for your help.  Any other suggestions concerning my ruleset would
> be greatly appreciated.
>
>
> --
> Sid Keller
>
>
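Added here as an illustration, not code from either poster: a small Python parser for pflog lines in the tcpdump -n -e -ttt format quoted above. It tallies blocked packets by destination port and TCP flags, which separates new connection attempts (bare SYNs, the only packets a `flags S/SA modulate state` rule ever matches, so a missing pass rule shows up in that bucket) from FIN and RST segments that arrived with no state entry in the table and so fell through to `block in log all`. The regex assumes the old tcpdump flag notation shown in the post, and the SYN sample line is constructed.

```python
import re
from collections import Counter

# Constructed sample: the four blocked packets quoted in the post, with the
# mail-wrapped lines rejoined. Addresses are the poster's own placeholders.
SAMPLE_PFLOG = """\
Mar 07 10:58:10.177507 rule 1/0(match): block in on fxp0: user.ip.address.1501 > my.ip.address.443: F 71818460:71818460(0) ack 3194040235 win 5549 (DF)
Mar 07 10:58:10.183314 rule 1/0(match): block in on fxp0: user.ip.address.1502 > my.ip.address.443: F 71819657:71819657(0) ack 963312026 win 5549 (DF)
Mar 07 11:52:59.986506 rule 1/0(match): block in on fxp0: user.ip.address.1586 > my.ip.address.443: R 75169994:75169994(0) win 0 (DF)
Mar 07 11:52:59.990614 rule 1/0(match): block in on fxp0: user.ip.address.1585 > my.ip.address.443: R 75170656:75170656(0) win 0 (DF)
"""

# Constructed: how a blocked new connection attempt (bare SYN) would be logged.
SAMPLE_SYN = "Mar 07 12:00:00.000000 rule 1/0(match): block in on fxp0: user.ip.address.1600 > my.ip.address.443: S 1:1(0) win 5840 (DF)"

# Old tcpdump prints TCP flags as a run of S/F/R/P (W/E for ECN) or "." for none.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}\.\d+) rule (?P<rule>\d+/\d+)\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\w+): "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): (?P<flags>[SFRPWE.]+)"
)

def parse_pflog(text):
    """Parse 'tcpdump -n -e -ttt' output from a pflog file; lines that do not parse are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            records.append(rec)
    return records

def classify(rec):
    """Why a stateful ruleset (flags S/SA ... state) had no pass rule for this packet."""
    flags = rec["flags"]
    if "S" in flags:
        return "syn"        # new connection attempt: needs a matching pass rule to get in
    if "R" in flags:
        return "rst"        # reset with no state entry: nothing to tear down, pf just logs it
    if "F" in flags:
        return "fin"        # FIN with no state entry: late close of a connection whose state is gone
    return "midstream"      # ACK/PSH with no state entry: state expired or was never created

def summarize(records):
    """Count blocked packets per (destination port, class); the SYN bucket is the one that matters."""
    return Counter((r["dport"], classify(r)) for r in records if r["action"] == "block")
```

Run over the snippet from the post, it reports two FIN and two RST packets to port 443 and no SYNs, i.e. nothing in the log is a connection attempt that a pass rule would have admitted.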