Hi,

NBM3.7 with all patches from Craig's pages except NBMSP2/NW6SP3.

Up to now I had no problems with FTP through a Port 20/21 stateful
filter exception.

The day before yesterday that rule stopped working.

Filter Exceptions:
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=UDP port=20 srcport=1024-65535 stfilt=1, INTRFACE:N100_1_PUB, FTP OUTbound
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=UDP port=21 srcport=1024-65535 stfilt=1, INTRFACE:N100_1_PUB, FTP OUTbound

I cannot ftp outbound, why not any more?


In FILTCFG some filters are displayed in a wrong way:
the middle part does not show any packet type. When I delete these
filters they show up again a short time later (so obviously they seem
to be recovered from the filters stored in eDir).

+------------------------------------------------------------------------------+
Exceptions: Packets Always Permitted
------------------------------------------------------------------------------
Source Circuit        Packet Type        Destination Circuit
<All Interfaces> -    <ANY>              N100_1_PUB -
<All Interfaces> -    icmp-st            N100_1_PUB -
CE100B_1 -                               N100_1_PUB -
CE100B_1 -                               N100_1_PUB -
CE100B_1 -                               N100_1_PUB -
?CE100B_1 -           AOL-tcp-5190-st    N100_1_PUB -
+------------------------------------------------------------------------------+


When selecting such a filter, it shows for filter type (select for list):
+------------------------------------------------------------------------------+
Define Exception
------------------------------------------------------------------------------
Source Interface Type:       Interface
Source Interface:            CE100B_1 (Private)
Source Circuit:

Destination Interface Type:  Interface
Destination Interface:       N100_1_PUB (Public)
Destination Circuit:

Packet Type: (Select for List)     Protocol: TCP
Src Port(s): 1024-65535            Dest Port(s): 123
ACK Bit Filtering: Disabled        Stateful Filtering: Enabled

Src Addr Type:   Any Address
Src IP Address:
Dest Addr Type:  Any Address
Dest IP Address:
Logging:         Disabled
Comment:         NTP-st, Net-Time-Protocol, OUTbound
+------------------------------------------------------------------------------+


NTP timesync is functional, so the filter exception works; its line
in filters.cfg is *MISSING* (a text search for "NTP" and "Net-Time"
gives no hits).

Deleting that filter, saving, reinitializing the system, redefining it,
and reinitializing the system again helps for some time (minutes to
days), then the same thing comes up.

What is going on here?

I'm just wondering whether to redo that BM from scratch...
It's a VPN Master, so how can I save the VPMaster information?

NW6SP2, NBM3.7 and all "craig patches" up to about 15th Jan. 2003.

Thanks, rudi.