Hi, on 1.9, I have Int (192.168.11.x), Ext (24.5...), and DMZ (10.0.0.x).
I have PSD on, but excluding Int to ANY.
However, when I use GameSpy from a PC on Int, I get PortScan warnings in email, and also, while GameSpy is running, nothing else from that workstation can get on the internet or to the firewall, including https, ssh, ...
I know it is not a bug in GameSpy on the workstation; it works fine with other (linux) firewalls.
I'm guessing the PSD is dropping all packets from that PC while gamespy is running. Since I've excluded the internal network, this shouldn't be happening.
Portscan detected:
Jul 11 22:32:33 bjgfw kernel: PORTSCAN: Portscan detected from 192.168.11.13 to 24.179.179.xxx and others, TOS 00, TTL 128, scanned ports:
...
I have the exclusion in PSD as:
Private Internal Network
which = 192.168.11.0 / 255.255.255.0
Thanks,
Barry
-----------------------------
Current packet filter rules
Chain INPUT (policy DROP)
target prot opt source destination
LOCAL all -- 0.0.0.0/0 0.0.0.0/0
PSD_MATCHER all -- 0.0.0.0/0 0.0.0.0/0
FIX_CONNTRACK all -- 0.0.0.0/0 0.0.0.0/0
AUTO_INPUT all -- 0.0.0.0/0 0.0.0.0/0
TTT_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
LOGDROP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
LOCAL all -- 0.0.0.0/0 0.0.0.0/0
PSD_MATCHER all -- 0.0.0.0/0 0.0.0.0/0
FIX_CONNTRACK all -- 0.0.0.0/0 0.0.0.0/0
AUTO_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
USR_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
LOGDROP all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP)
target prot opt source destination
LOCAL all -- 0.0.0.0/0 0.0.0.0/0
FIX_CONNTRACK all -- 0.0.0.0/0 0.0.0.0/0
AUTO_OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
TTT_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
LOGDROP all -- 0.0.0.0/0 0.0.0.0/0
Chain AUTO_FORWARD (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain AUTO_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp spts:1024:65535 dpt:8080
ACCEPT tcp -- 172.16.0.0/12 0.0.0.0/0 tcp spts:1024:65535 dpt:8080
ACCEPT tcp -- 192.168.0.0/16 0.0.0.0/0 tcp spts:1024:65535 dpt:8080
ACCEPT tcp -- 146.12.3.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:8080
ACCEPT tcp -- 192.168.11.0/24 0.0.0.0/0 tcp spts:1024:65535 dpt:8080
LOGDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:8080
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
LOGDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:443
LOGDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:443
ACCEPT tcp -- 0.0.0.0/0 192.168.11.254 tcp spts:1024:65535 dpt:1080
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain AUTO_OUTPUT (1 references)
target prot opt source destination
ACCEPT tcp -- 24.5.123.34 0.0.0.0/0 tcp spts:1024:65535 dpts:1024:65535
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain FIX_CONNTRACK (3 references)
target prot opt source destination
Chain LOCAL (3 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain LOGDROP (6 references)
target prot opt source destination
LOG tcp -- 0.0.0.0/0 0.0.0.0/0
LOG udp -- 0.0.0.0/0 0.0.0.0/0
LOG esp -- 0.0.0.0/0 0.0.0.0/0
LOG ah -- 0.0.0.0/0 0.0.0.0/0
LOG icmp -- 0.0.0.0/0 0.0.0.0/0
LOG all -f 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain PSD_ACTION (2 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain PSD_MATCHER (2 references)
target prot opt source destination
RETURN all -- 192.168.11.0/24 0.0.0.0/0
PSD_ACTION tcp -- 0.0.0.0/0 0.0.0.0/0 psd options
PSD_ACTION udp -- 0.0.0.0/0 0.0.0.0/0 psd options
Chain TTT_ACCEPT (2 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:8080
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1:65535 dpt:222
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpts:33000:34000
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 code 0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:113
DROP tcp -- 0.0.0.0/0 192.168.11.255 tcp spt:137 dpt:137
DROP udp -- 0.0.0.0/0 192.168.11.255 udp spt:137 dpt:137
DROP tcp -- 0.0.0.0/0 192.168.11.255 tcp spt:138 dpt:138
DROP udp -- 0.0.0.0/0 192.168.11.255 udp spt:138 dpt:138
DROP tcp -- 0.0.0.0/0 192.168.11.255 tcp spts:1024:65535 dpt:139
DROP udp -- 0.0.0.0/0 192.168.11.255 udp spts:1024:65535 dpt:139
DROP tcp -- 0.0.0.0/0 24.5.123.255 tcp spt:137 dpt:137
DROP udp -- 0.0.0.0/0 24.5.123.255 udp spt:137 dpt:137
DROP tcp -- 0.0.0.0/0 24.5.123.255 tcp spt:138 dpt:138
DROP udp -- 0.0.0.0/0 24.5.123.255 udp spt:138 dpt:138
DROP tcp -- 0.0.0.0/0 24.5.123.255 tcp spts:1024:65535 dpt:139
DROP udp -- 0.0.0.0/0 24.5.123.255 udp spts:1024:65535 dpt:139
DROP tcp -- 0.0.0.0/0 10.0.0.255 tcp spt:137 dpt:137
DROP udp -- 0.0.0.0/0 10.0.0.255 udp spt:137 dpt:137
DROP tcp -- 0.0.0.0/0 10.0.0.255 tcp spt:138 dpt:138
DROP udp -- 0.0.0.0/0 10.0.0.255 udp spt:138 dpt:138
DROP tcp -- 0.0.0.0/0 10.0.0.255 tcp spts:1024:65535 dpt:139
DROP udp -- 0.0.0.0/0 10.0.0.255 udp spts:1024:65535 dpt:139
Chain USR_FORWARD (1 references)
target prot opt source destination
ACCEPT all -- 192.168.11.0/24 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 10.0.0.0/24 tcp spts:1024:65535 dpt:80
ACCEPT tcp -- 0.0.0.0/0 10.0.0.0/24 tcp spts:1024:65535 dpts:20:21
ACCEPT tcp -- 0.0.0.0/0 10.0.0.0/24 tcp spts:1024:65535 dpt:21
ACCEPT tcp -- 0.0.0.0/0 10.0.0.0/24 tcp dpt:22
Current NAT rules
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PSD all -- 0.0.0.0/0 0.0.0.0/0 PSD options
SPOOF_DROP all -- 0.0.0.0/0 0.0.0.0/0
AUTO_NAT_PRE all -- 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
AUTO_NAT_POST all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
AUTO_NAT_OUT all -- 0.0.0.0/0 0.0.0.0/0
Chain AUTO_NAT_OUT (1 references)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 24.5.123.45 tcp spts:1024:65535 dpts:20:21 to:10.0.0.10:20-21
DNAT tcp -- 0.0.0.0/0 24.5.123.45 tcp spts:1024:65535 dpt:21 to:10.0.0.10:21
DNAT tcp -- 0.0.0.0/0 24.5.123.45 tcp spts:1024:65535 dpt:80 to:10.0.0.10:80
DNAT tcp -- 0.0.0.0/0 24.5.123.45 tcp spts:1024:65535 dpt:2222 to:10.0.0.10:22
Chain AUTO_NAT_POST (1 references)
target prot opt source destination
MASQUERADE all -- 10.0.0.0/24 0.0.0.0/0
MASQUERADE all -- 192.168.11.0/24 0.0.0.0/0
Chain AUTO_NAT_PRE (1 references)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 24.5.123.45 tcp spts:1024:65535 dpts:20:21 to:10.0.0.10:20-21
DNAT tcp -- 0.0.0.0/0 24.5.123.45 tcp spts:1024:65535 dpt:21 to:10.0.0.10:21
DNAT tcp -- 0.0.0.0/0 24.5.123.45 tcp spts:1024:65535 dpt:80 to:10.0.0.10:80
DNAT tcp -- 0.0.0.0/0 24.5.123.45 tcp spts:1024:65535 dpt:2222 to:10.0.0.10:22
Chain LOGDROP (0 references)
target prot opt source destination
LOG tcp -- 0.0.0.0/0 0.0.0.0/0
LOG udp -- 0.0.0.0/0 0.0.0.0/0
LOG esp -- 0.0.0.0/0 0.0.0.0/0
LOG ah -- 0.0.0.0/0 0.0.0.0/0
LOG icmp -- 0.0.0.0/0 0.0.0.0/0
LOG all -f 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain SPOOF_DROP (1 references)
target prot opt source destination
LOG all -- 192.168.11.254 0.0.0.0/0
DROP all -- 192.168.11.254 0.0.0.0/0
LOG all -- 24.5.123.0/24 0.0.0.0/0
DROP all -- 24.5.123.0/24 0.0.0.0/0
LOG all -- 10.0.0.0/24 0.0.0.0/0
DROP all -- 10.0.0.0/24 0.0.0.0/0
LOG all -- 24.5.123.45 0.0.0.0/0
DROP all -- 24.5.123.45 0.0.0.0/0
LOG all -- 192.168.11.0/24 0.0.0.0/0
DROP all -- 192.168.11.0/24 0.0.0.0/0
LOG all -- 10.0.0.0/24 0.0.0.0/0
DROP all -- 10.0.0.0/24 0.0.0.0/0
LOG all -- 10.0.0.254 0.0.0.0/0
DROP all -- 10.0.0.254 0.0.0.0/0
LOG all -- 192.168.11.0/24 0.0.0.0/0
DROP all -- 192.168.11.0/24 0.0.0.0/0
LOG all -- 24.5.123.0/24 0.0.0.0/0
DROP all -- 24.5.123.0/24 0.0.0.0/0
[ 17 July 2001: Message edited by: barrygould ]
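Added example (not part of the original post, and not code from the firewall product): a small Python check that walks an `iptables -L -n` style dump and reports every psd-matching rule that traffic from a given "excluded" network can still reach, i.e. a psd rule in a chain with no preceding RETURN/ACCEPT/DROP rule whose source covers that network. The listing embedded below is a constructed excerpt of the rule dump posted above (filter INPUT and PSD_MATCHER, nat PREROUTING). On that excerpt it reports nothing for the filter-table PSD_MATCHER chain, where the `RETURN 192.168.11.0/24` rule sits in front of the psd rules, and flags the nat PREROUTING chain, whose `PSD` rule has no exclusion in front of it. The check only looks at source, destination and protocol; port matches and jumps from other chains are deliberately ignored.

```python
"""Report psd (port-scan detection) rules reachable by an 'excluded' network.

Added example for the post above; the firewall product's own exclusion logic
is not known here, so this only reasons about rule order in the dump.
LISTING is a constructed excerpt of the 'iptables -L -n' output in the post.
"""
import ipaddress
import re
from collections import OrderedDict

LISTING = """Current packet filter rules
Chain INPUT (policy DROP)
target prot opt source destination
LOCAL all -- 0.0.0.0/0 0.0.0.0/0
PSD_MATCHER all -- 0.0.0.0/0 0.0.0.0/0
Chain PSD_MATCHER (2 references)
target prot opt source destination
RETURN all -- 192.168.11.0/24 0.0.0.0/0
PSD_ACTION tcp -- 0.0.0.0/0 0.0.0.0/0 psd options
PSD_ACTION udp -- 0.0.0.0/0 0.0.0.0/0 psd options
Current NAT rules
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PSD all -- 0.0.0.0/0 0.0.0.0/0 PSD options
SPOOF_DROP all -- 0.0.0.0/0 0.0.0.0/0
"""

TABLE_RE = re.compile(r"^Current (.+?) rules$")   # "Current NAT rules" etc.
CHAIN_RE = re.compile(r"^Chain (\S+) \(")        # "Chain INPUT (policy DROP)"
# Targets that end traversal of the current chain for a matching packet.
TERMINATING = {"RETURN", "ACCEPT", "DROP", "REJECT"}


def parse_listing(text):
    """Parse the dump into {(table, chain): [rule, ...]} preserving order."""
    chains = OrderedDict()
    table, chain = "packet filter", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("target "):   # blank or column header
            continue
        m = TABLE_RE.match(line)
        if m:
            table = m.group(1)
            continue
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            chains[(table, chain)] = []
            continue
        parts = line.split(None, 5)   # target prot opt source destination [extra]
        if chain is None or len(parts) < 5:
            continue
        chains[(table, chain)].append({
            "target": parts[0],
            "proto": parts[1],
            "src": ipaddress.ip_network(parts[3], strict=False),
            "dst": ipaddress.ip_network(parts[4], strict=False),
            "extra": parts[5] if len(parts) > 5 else "",
        })
    return chains


def is_psd_rule(rule):
    """A PSD target, or any rule carrying a psd match in its extra column."""
    return rule["target"] == "PSD" or "psd" in rule["extra"].lower()


def diverts(rule, excluded):
    """True if this rule ends chain traversal for every packet from `excluded`."""
    return (rule["target"] in TERMINATING
            and rule["proto"] == "all"
            and rule["dst"].prefixlen == 0          # any destination
            and excluded.subnet_of(rule["src"]))    # source covers the whole net


def unguarded_psd_rules(text, excluded_net):
    """Return [(table, chain, target)] for psd rules `excluded_net` can reach."""
    excluded = ipaddress.ip_network(excluded_net, strict=False)
    hits = []
    for (table, chain), rules in parse_listing(text).items():
        for rule in rules:
            if diverts(rule, excluded):
                break                 # exclusion sits before any later psd rule
            if is_psd_rule(rule):
                hits.append((table, chain, rule["target"]))
    return hits


if __name__ == "__main__":
    for table, chain, target in unguarded_psd_rules(LISTING, "192.168.11.0/24"):
        print(f"{table} table, chain {chain}: {target} rule has no exclusion in front of it")
```

Run it against a full `iptables -L -n` dump by replacing LISTING with the file contents; the same function can be called with each network the PSD exclusion list is supposed to cover.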