[Shorewall-newbies] Re: tcpflags SYN+FIN -- I use nessus from a pc inside the firewall

Tom Eastep teastep at shorewall.net
Tue Mar 2 12:28:07 PST 2004

On Tue, 2 Mar 2004, Nian Ma wrote:

> Nessus was running from a PC inside the firewall. Since the tcpflags are
> set on the same interface, I thought the TCP SYN+FIN packages will be
> dropped no matter where the source hosts are. I guess that's the
> problem, but why?

I'm guessing that you gave nessus the IP address of your external
interface in the belief that the packets would somehow fly to the
other side of your firewall and enter it from the WAN side. They didn't --
they entered through eth1 which does NOT have tcpflags specified.

> Do you still need the status file?


Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
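
The reply above turns on tcpflags being applied per interface, on whichever interface a packet actually enters. The following check is an added example, not part of the original message or of Shorewall itself: it lists the interfaces in a Shorewall interfaces file that lack the tcpflags option. The four-column ZONE/INTERFACE/BROADCAST/OPTIONS layout, the name eth0 for the external interface, and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example: report interfaces whose OPTIONS column lacks "tcpflags".
# Assumes the four-column layout: ZONE INTERFACE BROADCAST OPTIONS.

# missing_tcpflags FILE -> prints one interface name per line
missing_tcpflags() {
    awk '
        /^[ \t]*(#|$)/ { next }       # skip comment and blank lines
        {
            sub(/#.*/, "")            # strip a trailing comment, fields are re-split
            iface = $2; opts = $4
            if (opts == "" || opts == "-") { print iface; next }
            n = split(opts, o, ",")   # options are comma-separated
            found = 0
            for (i = 1; i <= n; i++) if (o[i] == "tcpflags") found = 1
            if (!found) print iface
        }
    ' "$1"
}

# Constructed sample: tcpflags on the external interface only, as in the thread.
# eth0 as the external interface name is an assumption; eth1 is from the reply.
sample_interfaces() {
cat <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,routefilter
loc     eth1        detect      dhcp
EOF
}

demo_file=$(mktemp)
sample_interfaces > "$demo_file"
echo "Interfaces without tcpflags:"
missing_tcpflags "$demo_file"
rm -f "$demo_file"
```

A scan launched from a host behind eth1 is only subject to the flag checks once eth1 no longer appears in this output.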
