Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 572 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allowing Contentfilter Server Traffic

CClasen
I've got a FW rule stating any any allow from source IP 74.200.200.122.  My logs are showing that traffic from this address bound for my public IP is still being dropped per rule 60001. 

Also, what is the best way to make sure traffic from the contentfilter servers is being let through?


This thread was automatically locked due to age.
Parents
  • 0
    It's likely that the dropped traffic is not anything you need.  Please post the line from the Firewall log file (not the Live Log) showing the default drop.

    Cheers - Bob
  • 0 in reply to BAlfson
    2012:10:01-08:37:04 fw ulogd[5637]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:a0:c8:5c:2a:ab" dstmac="0:1a:8c:16:ac:c9" srcip="74.200.200.122" dstip="" proto="6" length="40" tos="0x00" prec="0x00" ttl="51" srcport="80" dstport="55123" tcpflags="RST"


    They are all RSTs or ACKs so I'm guessing the FW is requesting them?  Am I correct that these are attempts to update the content filter URL database?
Reply
  • 0 in reply to BAlfson
    2012:10:01-08:37:04 fw ulogd[5637]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:a0:c8:5c:2a:ab" dstmac="0:1a:8c:16:ac:c9" srcip="74.200.200.122" dstip="" proto="6" length="40" tos="0x00" prec="0x00" ttl="51" srcport="80" dstport="55123" tcpflags="RST"


    They are all RSTs or ACKs so I'm guessing the FW is requesting them?  Am I correct that these are attempts to update the content filter URL database?
Children
No Data