I created a port forward (DNAT) that just won't work for some reason.
Access from: Any
Target Type: Any Uplink
Filter Policy: ALLOW
Service: User Defined, tcp 990
Translate to IP: 192.168..
DNAT Policy: DNAT
Port Range {blank}
Status: Enabled.
grc.com ShieldsUP port scan says that this port is stealth. nmap from outside the network shows no response, and I cannot log into the FTPS server that is behind the firewall. This all used to work when I had EFW 2.x RC1. Upgraded, and have had problems ever since.
What am I doing wrong?
EFW has a bad snort pre-processor rule that flags FTPS and FTPES as bad, and another one that bounces the packets instead of just giving a false positive warning. I have tried to override these entries in snort.conf; but EFW puts them back whenever I restart the IPS.
If anyone has another file or location I can use to set up an override for that pre-processor, please let me know.
The problem was documented in a snort forum post. The solution was to change the pre-processor settings for the FTP Encryption test from yes to no.
To fix it, log in to your EFW using SSH and modify /etc/snort/snort.conf.tmpl.
It looked like the following should have fixed it; but it only turned off the warning:

preprocessor ftp_telnet: global \
    encrypted_traffic yes \
    inspection_type stateful

And change the yes to no.
I don't know if my final solution was the best one or not; but I remarked out all the ftp_telnet preprocessor lines and it worked.
If anyone out there has a better solution, please let us know. Thanks.
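As an added example (not from the thread, and not Endian's or Snort's own code), a small Python helper that applies either change the poster describes to a snort.conf template while honouring backslash line continuations; SAMPLE_TMPL is a constructed fragment, not the real /etc/snort/snort.conf.tmpl:

```python
import re

# Constructed sample modelled on the lines quoted in the post; not a real snort.conf.tmpl.
SAMPLE_TMPL = """\
preprocessor frag3_global: max_frags 65536
preprocessor ftp_telnet: global \\
    encrypted_traffic yes \\
    inspection_type stateful
preprocessor ftp_telnet_protocol: ftp server default \\
    def_max_param_len 100
output alert_fast
"""
ENCRYPTED_YES = re.compile(r"\bencrypted_traffic\s+yes\b")

def _directives(lines):
    """Yield (first, last, joined) per logical directive, honouring '\\' continuations."""
    i = 0
    while i < len(lines):
        first = i
        while lines[i].rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
        joined = " ".join(l.rstrip().rstrip("\\").strip() for l in lines[first:i + 1])
        yield first, i, joined
        i += 1

def alerts_on_encrypted(text):
    """True while an uncommented 'ftp_telnet: global' block still says encrypted_traffic yes."""
    return any(j.startswith("preprocessor ftp_telnet: global") and ENCRYPTED_YES.search(j)
               for _, _, j in _directives(text.splitlines()))

def tune_ftp_telnet(text, mode):
    """Return (new_text, directives_changed).
    "no_encrypted_alert": encrypted_traffic yes -> no in the global block (snort-forum
    fix; the poster found it only silenced the alert). "comment_out": '#' every
    ftp_telnet directive incl. continuation lines (poster's workaround); commenting
    only the first line would leave continuation lines snort then tries to parse alone."""
    lines = text.splitlines()
    changed = 0
    for first, last, joined in _directives(lines):
        if not joined.startswith("preprocessor ftp_telnet"):
            continue
        if mode == "comment_out":
            for k in range(first, last + 1):
                lines[k] = "#" + lines[k]
            changed += 1
        elif mode == "no_encrypted_alert" and joined.startswith("preprocessor ftp_telnet: global"):
            for k in range(first, last + 1):
                lines[k], n = ENCRYPTED_YES.subn("encrypted_traffic no", lines[k])
                changed += n
    return "\n".join(lines) + "\n", changed
```

Run alerts_on_encrypted() on the rewritten text before restarting the IPS to confirm the global block no longer alerts on encrypted sessions; the comment_out mode is idempotent, so re-running it after EFW regenerates snort.conf is safe.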