Great Circle Associates Firewalls
(October 1997)

Subject: adding a rule on firewall1
From: High Mercury <merc @ icanect . net>
Date: Wed, 8 Oct 1997 19:57:43 -0400 (EDT)
To: firewalls @ greatcircle . com

I have been trying to set up the following on an Ultra SPARC running
firewall1 v2.1.  Here is the network.

                |                                      |  
     external   |                                      |  internal
     network    |                                      |  network
                |                                      | 
   ---------          -------------     --------------    ---------
   | Host1 |----------| Firewall1 |-----| GauntletFW |----| Host2 | 
   ---------          -------------     --------------    ---------

GauntletFW is the tis gauntlet firewall

I want to be able to connect to port 1138 on Host2 from Host1.  I have added
the appropriate rules on gauntletfw and I can telnet to host2 from
gauntletfw successfully using the "telnet host2 1138" command.  However,
when trying to do the same from host1, it will not connect.

The rule I added (#15) was the following:

Source  :  Host1   defined as external,host,firewall1 not installed
Dest    :  Host2   defined as internal,host,firewall1 not installed
Service :  Created a service called test with port 1138 and no src port range.
Instl on:  Gateways
Action  :  Accept

This is set to accept those packets.  However when I try to telnet from
host1 to host2 on port 1138, this is what the log gives me:

                                  act  serv. src   dest  prot rule S_Port 
107224 8Oct97 19:20:05 le0 helius STOP test  host1 host2 tcp  15   1088  len60

Now even though it said rule 15 is the rule which prevented the packet from
being let through, I have found no matter what rule I set for #15, even
if it has nothing at all to do with that port or hosts, it still says 15
is the rule which is not letting it through.  This leads me to believe
that either my changes have not taken effect (I have saved it and exited
and re-entered the fwui app many times and it will always come up with the
changes I last made).  Is this all you need to do to make the changes take
effect or am I missing a step? If that's not it, what could it be then?

Also, each time I do a "telnet host2 1138" from host1, I notice that the
S_port in the log is usually increased by one.  I have tried to set up the
test service with a src port range of 1024-1500 but still it didn't work.
I have also tried defining the service in the /etc/services file on the
firewall1 host and host1.  I don't know if that is needed or not but tried
so it would recognize the service and it still failed.

Any help would be appreciated.

merc
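The log line quoted in the post, run through a small parser, as an added example that is not part of the original post or of FireWall-1 itself; the additional log lines are constructed for illustration. It tallies which rule number the gateway reports for dropped packets, so that number can be checked against the installed rulebase, and lists the source port of each attempt, which rises per connection and is why matching a client source-port range in the service definition is unreliable.

```python
import re
from collections import Counter

# Constructed sample in the FireWall-1 v2.1 text-log layout shown in the post
# (id, date, time, interface, gateway, action, service, src, dst, proto,
# rule, source port, length). Only the first line is from the post.
SAMPLE_LOG = """\
107224 8Oct97 19:20:05 le0 helius STOP test host1 host2 tcp 15 1088 len60
107225 8Oct97 19:20:41 le0 helius STOP test host1 host2 tcp 15 1089 len60
107226 8Oct97 19:21:03 le0 helius STOP test host1 host2 tcp 15 1090 len60
107227 8Oct97 19:21:30 le0 helius ACCEPT telnet host1 gauntletfw tcp 3 1091 len60
"""

LINE_RE = re.compile(
    r"^(?P<id>\d+)\s+(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<iface>\S+)\s+"
    r"(?P<gw>\S+)\s+(?P<action>\S+)\s+(?P<service>\S+)\s+(?P<src>\S+)\s+"
    r"(?P<dst>\S+)\s+(?P<proto>\S+)\s+(?P<rule>\d+)\s+(?P<sport>\d+)\s+"
    r"len(?P<len>\d+)$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None for a header/unknown line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("id", "rule", "sport", "len"):
        rec[key] = int(rec[key])
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def drops_by_rule(records):
    """Count STOP entries per rule number: the rule the gateway says dropped the packet."""
    return Counter(r["rule"] for r in records if r["action"] == "STOP")


def source_ports(records, src, dst, service):
    """Client source ports seen for one src/dst/service tuple, in log order."""
    return [r["sport"] for r in records
            if r["src"] == src and r["dst"] == dst and r["service"] == service]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("drops per rule:", dict(drops_by_rule(recs)))
    print("host1->host2/test source ports:", source_ports(recs, "host1", "host2", "test"))
```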


Indexed By Date Previous: RE: Firewall-1, packet -VS- Proxy
From: "Paul D. Robertson" <proberts @ clark . net>
Next: Re: The risk management system mentioned below...
From: Information Security <guy @ panix . com>
Indexed By Thread Previous: Re: Firewall routing setup, Solaris 2.5.1
From: Security Mail list <firewall @ corefacts . co . uk>
Next: Re: The risk management system mentioned below...
From: Information Security <guy @ panix . com>

Google
 
Search Internet Search www.greatcircle.com