G'day,
I'm a bit worried about my Firewall rules not working properly. I have a Zyxel router and after examining the logs, I have noticed that my rules are forwarding on access requests even though, to me, the rule should block it. The default action for packets not matching the rules is set to block.
1) Below is one record of access being granted on Rule 5:

Firewall rule match: TCP (W to L, rule:5) 222.175.117.220:3981
192.x.x.30:1433 ACCESS FORWARD

Rule 5 is set up as the following:
Source IP = Any
Dest IP = 192.x.x.2/255.255.255.0 (This is our Win 2003 server's internal IP address)
Service = TCP 4125
Action = Forward

Should my rule designate our server's external IP address in the Dest IP address?
How can access be granted on Rule 5 which is concerned with port 4125 and the access request designates port 1433?
Until I get a better understanding of what is going on, I have disabled access through Rule 5 (my apologies to the China Network Communications Group Corporation for stopping your access requests to our server).

2) Below is one record of access being granted on Rule 3:

Firewall rule match: TCP (W to L, rule:3) 81.91.226.142:3584
192.x.x.30:80 ACCESS FORWARD

Rule 3 is set up as the following:
Source IP = x.x.x.205/255.255.255.0 (our Win2003 server's external IP add)
Dest IP = 192.x.x.2/255.255.255.0 (our Win 2003 server's internal IP add)
Service = TCP 444
Action = Forward

In this case the source & destination IP addresses of the rule do not match the logged source & destination IP addresses. The 192.x.x.30 machine is an older Win2k server on our network.

Any help most appreciated.