I have a DFL-1600 firewall working in transparent mode. All stateful connections are working brilliantly; however, for passive fingerprinting purposes I need to bypass the stateful engine and forward packets straight to a Linux box. There is the FwdFast rule, but it triggers only on incoming traffic, not outgoing. I've tried to use it together with a SAT rule, but without success. I've got two rules to accomplish it:
SMTP_in   FwdFast  any  all-nets  any  IP_SMTP   smtp
SMTP_out  FwdFast  any  IP_SMTP   any  all-nets  smtp
And only the first one is triggered, although IP_SMTP responds correctly. tcpdump from IP_SMTP:
IP 22.214.171.124.45558 > 126.96.36.199.25: F 815:815(0) ack 293 win65243
IP 188.8.131.52.25 > 184.108.40.206.45558: . ack 816 win 6850
Could you please help me with this issue?
Best Regards, Tomasz