Killed my firewall from accessing FTP
-
I killed my firewall. I am running 1.2.1. I updated the firewall rules from remote, and now I have no access to anything.
I changed the ftp IP address in the nat area of the firewall and now I can't connect to the firewall or anything. I will be back at my home site tomorrow. I guess I reboot and fix the damage tomorrow. Any idea what might have happened?
RC -
I found out after letting the firewall settle down (2 hours) it came back up. Whenever I try to access the FTP server, that is when it completely hangs up. It takes about two hours for it to come back up.
I am going to do some testing; this is with 1.2.1. Everything was working fine. The only change that I have made is enabling OpenVPN. I am running IPSEC, OpenVPN, Snort, IPERF, and phpSysInfo.
Anyone got any ideas?
-
OK, all you experts out there, I just finished my testing. I have identified that snort was the culprit. With snort enabled all FTP access was blocked, and that blocked the IP that I was coming from for an hour.
Snort is reporting a malformed packet coming from a cmd line FTP client to Cerberus FTP running on my Vista workstation. I only enable FTP on an as-needed basis.
I have the following SNORT rules enabled:
attack-responses.rules
backdoor.rules
ddos.rules
oracle.rules
pop2.rules
porn.rules
specified-threats.rules
spyware-put.rules
web-attacks.rules
x11.rules
Can anyone tell me what to modify? With snort running it is killing my efforts to work on OpenVPN and other activities because I currently have to move files via FTP.
I currently have SNORT disabled and OpenVPN enabled and still have access.
RC -
Think I have a similar problem. As far as I know I can tell you that the rules are not the origin but the ftp preprocessor. http://snort.org/docs/snort_htmanuals/htmanual_283/node101.html
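
The last reply points at the FTP preprocessor rather than the enabled rule files. One way to check that from the alert log, as an added example that is not part of the thread: every Snort alert carries a [gid:sid:rev] triple, and the generator ID separates alerts from text rules (GID 1) from ftp_telnet preprocessor alerts (GID 125/126). The log lines, addresses and function names below are constructed for illustration, and the fast-alert line layout is assumed.

```python
import re
from collections import Counter

# Generator IDs (GID) in Snort 2.x alerts: 1 = text rules loaded from
# *.rules files, 3 = shared-object rules, 125/126 = ftp_telnet preprocessor.
GENERATORS = {
    1: "text rule",
    3: "shared-object rule",
    125: "ftp_telnet preprocessor (FTP)",
    126: "ftp_telnet preprocessor (Telnet)",
}

# Matches the "[**] [gid:sid:rev] message [**] ... {PROTO} src -> dst" part of an alert.
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None for a non-alert line."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev"):
        alert[key] = int(alert[key])
    alert["source"] = GENERATORS.get(alert["gid"], "other generator")
    return alert

def alert_sources(lines, client_ip):
    """Count, per generator, the alerts that involve client_ip."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert and client_ip in (alert["src"], alert["dst"]):
            counts[alert["source"]] += 1
    return counts

# Constructed sample log (documentation addresses, illustrative messages).
SAMPLE_LOG = [
    "03/14-21:07:11.102938  [**] [125:4:1] (ftp_telnet) FTP malformed parameter [**] [Priority: 3] {TCP} 198.51.100.7:51544 -> 192.0.2.10:21",
    "03/14-21:07:12.440017  [**] [125:2:1] (ftp_telnet) Invalid FTP command [**] [Priority: 3] {TCP} 198.51.100.7:51544 -> 192.0.2.10:21",
    "03/14-21:09:30.000001  [**] [1:1000001:1] constructed local web rule [**] [Priority: 2] {TCP} 203.0.113.9:40000 -> 192.0.2.10:80",
    "snort startup banner line, not an alert",
]

if __name__ == "__main__":
    for source, n in alert_sources(SAMPLE_LOG, "198.51.100.7").most_common():
        print(f"{n:3d}  {source}")
```

If the blocked client's alerts all fall under GID 125, disabling individual rule files will not change the behaviour; the ftp_telnet preprocessor settings are the place to look.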