Getting port scans while I would think that the system that is scanned is not reachable because of my pf rules
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Getting port scans while I would think that the system that is scanned is not reachable because of my pf rules
- From: forums <forum_(_at_)_vanleeuwen_(_dot_)_nl>
- Date: Mon, 7 Feb 2005 11:00:16 +0100
> Hello,
>
> I have the following situation, OpenBSD 3.6 is my Front-Firewall, the NIC
> on the Internet side is FXP0
> On the inside I have a NIC called XL0 which is connected to a
> Back-Firewall (cross cable).
>
> I only want traffic going to the Internet if it was set up/requested by the
> back-firewall first (stateful of course).
>
> Back-Firewall <---> XL0 OpenBSD3.6 FXP0 ----> Internet
>
> So, I have this:
>
> # pfctl -s rules
> scrub in all fragment reassemble
> block drop in all
> block drop out all
> block return-rst in on fxp0 inet proto tcp from any to any port = auth
>
> pass in on xl0 inet from <ip back firewall> to any
> pass out on xl0 inet from any to <ip back firewall>
>
> pass out on fxp0 proto tcp all flags S/SA modulate state
> pass out on fxp0 proto udp all keep state
> pass out on fxp0 proto icmp all keep state
>
> Now, my back-firewall still tells me that it is getting port scans from
> the Internet, but I would think the system would not be reachable at all
> because I block everything in that direction unless it was set up first?
> Both systems do have an Internet IP address, divided by subnetting. So
> there is no NAT being done.
>
> What am I missing here? Why do port scans still reach my internal
> Firewall?
>
> regards
> Willem