Killed my firewall from accessing FTP



  • I killed my firewall.  I am running 1.2.1.  I updated the firewall rules from remote, and now I have no access to anything.

    I changed the FTP IP address in the NAT area of the firewall and now I can't connect to the firewall or anything.  I will be back at my home site tomorrow.  I guess I reboot and fix the damage tomorrow.  Any idea what might have happened?
    RC



  • I found out that after letting the firewall settle down (2 hours) it came back up.  Whenever I try to access the FTP server, that is when it completely hangs up.  It takes about two hours for it to come back up.

    I am going to do some testing; this is with 1.2.1.  Everything was working fine.  The only change that I have made is enabling OpenVPN.  I am running IPSEC, OpenVPN, Snort, IPERF, and phpSysInfo.

    Anyone got any ideas?



  • OK, all you experts out there, I just finished my testing.  I have identified that Snort was the culprit.  With Snort enabled all FTP access was blocked, and that blocked the IP that I was coming from for an hour.

    Snort is reporting a malformed packet coming from a command-line FTP client to Cerberus FTP running on my Vista workstation.  I only enable FTP on an as-needed basis.

    I have the following Snort rules enabled:
    attack-responses.rules
    backdoor.rules
    ddos.rules
    oracle.rules
    pop2.rules
    porn.rules
    specified-threats.rules
    spyware-put.rules
    web-attacks.rules
    x11.rules

    Can anyone tell me what to modify?  With Snort running it is killing my efforts to work on OpenVPN and other activities because I currently have to move files via FTP.

    I currently have Snort disabled and OpenVPN enabled and still have access.
    RC



  • Think I have a similar problem. As far as I know I can tell you that the rules are not the origin but the FTP preprocessor: http://snort.org/docs/snort_htmanuals/htmanual_283/node101.html

