CHX-I Inbound Rules problem

Discussion in 'other firewalls' started by soniak, Nov 13, 2005.

Thread Status:
Not open for further replies.
  1. soniak

    soniak Guest

    I have a problem with incoming rules in CHX-I 3.
    When I define an inbound rule,

    (ex. Eth Type=IP, SrcMAC=router_mac, DstMAC=NICMAC, Protocol TCP, direction=Inbound, src=any, dst=my_ip, dstPort=80)

    it looks like the stateful mechanism is down. The packets are sent normally (passed by the outbound filter), but the answer (flags ACK, SYN) is blocked. The stateful mechanism doesn't recognize them. What is wrong?

    Sorry for my bad English, and thanks for help.
     
  2. Arup

    Arup Guest

    Do you have SPI enabled in the interface properties? Is your system showing stealth at GRC and Sygate scan?
     
  3. soniak

    soniak Guest

    Yes, I have enabled Stateful Inspection for TCP and UDP. This happened only if I used the Allow rules. When I change Allow into Force Allow Everything with higher priority, everything is OK. What's wrong?
     
  4. Arup

    Arup Guest

    Can you elaborate what app this rule is for? Also, have you tried out the sample WAN filter from IDRCI?
     
  5. soniak

    soniak Guest

    I have Apache Server in my LAN and configured port direction on the Router. I would like to use this rule with my HTTP Server, to allow incoming traffic and block any other incoming traffic (I don't use rules that will block incoming traffic, because IDRCI says that everything which is not specified in the allow rules is prohibited).
    Rules on IDRCI have the force allow too. Does it mean that the "allow rules" are not appropriate for incoming traffic?
    When I used it, the CHX behaves like a classic packet filter without Stateful Inspection.
     
  6. Arup

    Arup Guest

    Soniak,

    Send Stephan a PM at SSC; he would be a better person to explain this. By doing Force Allow to port 80, you are thereby overriding the other rules and giving this one highest priority. My question to you would be: if you are already behind a router and have done port forwarding, why use CHX and do double SPI?
     