 From:  Paul Barlow <PBarlow at fresnoheart dot com>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Help finding blocking rule (newb)
 Date:  Wed, 8 Dec 2004 14:13:35 -0800
Ok,

I have m0n0wall set up to bridge between LAN and opt1 with filtering bridge
turned on. Almost all of my rules work, but for some reason one
application's traffic will not be allowed through the firewall. TCP port
6630 gets blocked every time. I have even deleted all my rules and just
made one any-to-any rule and still it gets blocked.


Here is info from my status.php page

ipfstat -nio
@1 pass out quick on lo0 from any to any
@2 pass out quick on bge0 proto udp from 192.168.254.8/32 port = 67 to any port = 68
@3 pass out quick on bge1 from 192.168.0.0/16 to 172.16.0.0/16
@4 pass out quick on bge1 from 172.16.0.0/16 to 192.168.0.0/16
@5 pass out quick on bge1 from 192.168.0.0/16 to 172.18.0.0/16
@6 pass out quick on bge1 from 172.18.0.0/16 to 192.168.0.0/16
@7 pass out quick on bge0 from 192.168.0.0/16 to 192.168.0.0/16
@8 pass out quick on rl0 proto udp from any port = 68 to any port = 67
@9 pass out quick on bge0 from any to any keep state
@10 pass out quick on rl0 from any to any keep state
@11 pass out quick on bge1 from any to any keep state
@12 block out log quick from any to any
@1 pass in quick on lo0 from any to any
@2 block in log quick from any to any with short
@3 block in log quick from any to any with ipopt
@4 pass in quick on bge0 proto udp from any port = 68 to 255.255.255.255/32 port = 67
@5 pass in quick on bge0 proto udp from any port = 68 to 192.168.254.8/32 port = 67
@6 pass in quick on bge1 from 192.168.0.0/16 to 172.16.0.0/16
@7 pass in quick on bge1 from 172.16.0.0/16 to 192.168.0.0/16
@8 pass in quick on bge1 from 192.168.0.0/16 to 172.18.0.0/16
@9 pass in quick on bge1 from 172.18.0.0/16 to 192.168.0.0/16
@10 pass in quick on bge0 from 192.168.0.0/16 to 192.168.0.0/16
@11 block in log quick on rl0 from 192.168.0.0/16 to any
@12 block in log quick on rl0 proto udp from any port = 67 to 192.168.0.0/16 port = 68
@13 pass in quick on rl0 proto udp from any port = 67 to any port = 68
@14 skip 2 in on bge0 from 192.168.0.0/16 to any
@15 skip 1 in on bge0 from 192.168.0.0/16 to any
@16 block in log quick on bge0 from any to any
@17 skip 3 in on bge1 from 172.16.0.0/16 to any
@18 skip 2 in on bge1 from 172.18.0.0/16 to any
@19 skip 1 in on bge1 from 192.168.0.0/16 to any
@20 block in log quick on bge1 from any to any
@21 block in log quick on rl0 from 10.0.0.0/8 to any
@22 block in log quick on rl0 from 127.0.0.0/8 to any
@23 block in log quick on rl0 from 172.16.0.0/12 to any
@24 skip 1 in proto tcp from any to any flags S/FSRA
@25 block in log quick proto tcp from any to any
@26 block in log quick on bge0 from any to any head 100
@1 pass in quick from 192.168.0.0/16 to 192.168.254.8/32 keep state group 100
@2 pass in quick from 192.168.0.0/16 to any keep state group 100
@3 pass in quick from any to any keep state group 100
@27 block in log quick on rl0 from any to any head 200
@28 block in log quick on bge1 from any to any head 300
@1 pass in quick from 172.16.15.115/32 to any keep state keep frags group 300
@2 pass in quick proto icmp from any to any keep state keep frags group 300
@3 pass in quick from 172.18.4.149/32 to 192.168.107.11/32 keep state keep frags group 300
@4 pass in quick from 172.18.3.229/32 to 192.168.111.70/32 keep state keep frags group 300
@5 pass in quick from 172.16.140.251/32 to 192.168.107.11/32 keep state keep frags group 300
@6 pass in quick from 172.16.80.112/32 to 192.168.107.11/32 keep state keep frags group 300
@7 pass in quick proto tcp from any to any port 1023 >< 9801 keep state keep frags group 300
@8 pass in quick from 172.18.5.32/32 to 192.168.107.0/24 keep state keep frags group 300
@9 pass in quick from 172.16.15.82/32 to any keep state keep frags group 300
@29 block in log quick from any to any



Here is what I see in syslog.

Dec  8 13:47:37 cmc-100mbit ipmon[69]: 13:47:36.635687 bge0 @0:25 b 192.168.111.15,6631 -> 172.16.21.79,2177 PR tcp len 20 48 -AS IN
Dec  8 13:47:41 cmc-100mbit ipmon[69]: 13:47:40.422968 bge0 @0:25 b 192.168.111.15,6630 -> 172.16.21.79,2178 PR tcp len 20 40 -A IN
Dec  8 13:47:42 cmc-100mbit ipmon[69]: 13:47:41.229369 bge0 @0:25 b 192.168.111.15,6630 -> 172.16.21.79,2178 PR tcp len 20 48 -AS IN
Dec  8 13:47:42 cmc-100mbit ipmon[69]: 13:47:41.666927 bge0 @0:25 b 192.168.111.15,6631 -> 172.16.21.79,2179 PR tcp len 20 48 -AS IN



Please let me know if there is any more data you need from me that would
help. Thanks for any responses. 


Paul


Confidentiality Note: This e-mail, and any attachment(s), is/are intended only for the person or
entity to which it is addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. Dissemination, distribution or copying of this e-mail or the
information herein by anyone other than the intended recipient, or an employee or agent responsible
for delivering the message to the intended recipient, is prohibited. If you have received this
e-mail in error, please destroy the original message and all copies.
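The `@0:25 b` in each ipmon line names the rule that blocked the packet: group 0, rule 25 of the `in` list in the `ipfstat -nio` output above. The first step with a trace like this is to pull that rule out of the listing and read the rule directly before it, because a `skip` rule decides whether a packet ever reaches the one after it. The Python below does that mechanically. It is an added example, not code from the post or from m0n0wall/IPFilter; it assumes the ipmon line layout visible in the mail (`iface @group:rule action src,sport -> dst,dport PR proto len hl total -flags IN|OUT`) and that the `@N` numbering restarts for the out list, the in list and each `group N` subtree, as it does in the listing. The embedded ipfstat text is an excerpt of the listing, with two rules deliberately wrapped across lines the way a mail client wraps them.

```python
"""Correlate ipmon block entries with an `ipfstat -nio` listing.

Added example, not code from the original post or from m0n0wall/IPFilter.
Assumed ipmon line layout (from the lines in the mail, not from documentation):
  <iface> @<group>:<rule> <b|p> <src>,<sport> -> <dst>,<dport> PR <proto> len <hl> <total> -<flags> <IN|OUT>
Assumed: ipfstat's @N numbering restarts for the out list, the in list and each `group N`.
"""
import re

# Excerpt of the ipfstat -nio listing from the post; two rules are wrapped as a mail client would.
IPFSTAT_NIO = """\
@1 pass out quick on lo0 from any to any
@2 pass out quick on bge0 proto udp from 192.168.254.8/32 port = 67 to
any port = 68
@12 block out log quick from any to any
@1 pass in quick on lo0 from any to any
@2 block in log quick from any to any with short
@14 skip 2 in on bge0 from 192.168.0.0/16 to any
@15 skip 1 in on bge0 from 192.168.0.0/16 to any
@16 block in log quick on bge0 from any to any
@24 skip 1 in proto tcp from any to any flags S/FSRA
@25 block in log quick proto tcp from any to any
@26 block in log quick on bge0 from any to any head 100
@1 pass in quick from 192.168.0.0/16 to 192.168.254.8/32 keep state
group 100
@3 pass in quick from any to any keep state group 100
@29 block in log quick from any to any
"""

# The four ipmon lines from the post.
IPMON_LINES = [
    "Dec  8 13:47:37 cmc-100mbit ipmon[69]: 13:47:36.635687 bge0 @0:25 b 192.168.111.15,6631 -> 172.16.21.79,2177 PR tcp len 20 48 -AS IN",
    "Dec  8 13:47:41 cmc-100mbit ipmon[69]: 13:47:40.422968 bge0 @0:25 b 192.168.111.15,6630 -> 172.16.21.79,2178 PR tcp len 20 40 -A IN",
    "Dec  8 13:47:42 cmc-100mbit ipmon[69]: 13:47:41.229369 bge0 @0:25 b 192.168.111.15,6630 -> 172.16.21.79,2178 PR tcp len 20 48 -AS IN",
    "Dec  8 13:47:42 cmc-100mbit ipmon[69]: 13:47:41.666927 bge0 @0:25 b 192.168.111.15,6631 -> 172.16.21.79,2179 PR tcp len 20 48 -AS IN",
]

RULE_RE = re.compile(r"^@(\d+)\s+\w+(?:\s+\d+)?\s+(in|out)\b")   # "@24 skip 1 in ...", "@2 block in ..."
IPMON_RE = re.compile(
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<act>\S+) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len \d+ \d+(?: -(?P<flags>[A-Z]+))? (?P<dir>IN|OUT)")


def parse_ipfstat(text):
    """Return {(direction, group): {rule_no: rule_text}}, rejoining wrapped rule lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("@") or not lines:
            lines.append(raw.strip())
        else:
            lines[-1] += " " + raw.strip()      # continuation of the previous rule
    table = {}
    for line in lines:
        m = RULE_RE.match(line)
        if not m:
            continue
        num, direction = int(m.group(1)), m.group(2)
        g = re.search(r"\bgroup (\d+)$", line)  # rules inside a "head N" subtree end in "group N"
        table.setdefault((direction, int(g.group(1)) if g else 0), {})[num] = line
    return table


def parse_ipmon(line):
    """Return the fields of one ipmon line as a dict, or None if the line has another shape."""
    m = IPMON_RE.search(line)
    return m.groupdict() if m else None


def explain(entry, table):
    """Look up the rule an entry hit and check whether a preceding 'skip ... flags S/FSRA' applied."""
    direction, group, rule = entry["dir"].lower(), int(entry["group"]), int(entry["rule"])
    rules = table.get((direction, group), {})
    result = {"rule": f"@{group}:{rule}", "text": rules.get(rule), "flags": entry["flags"],
              "bare_syn": None, "stateless_fallthrough": False}
    if result["text"] is None:
        return result
    prev = rules.get(rule - 1, "")
    # IPFilter "flags S/FSRA": SYN set, FIN/RST/ACK clear. Compare with the ipmon flag letters.
    if entry["flags"] is not None and re.search(r"^@\d+ skip \d+ .*flags S/FSRA", prev):
        bare_syn = (set(entry["flags"]) & set("FSRA")) == {"S"}
        result["bare_syn"] = bare_syn
        # State is checked before the rules, so a non-SYN segment only reaches this
        # stateless rule when no "keep state" entry matched it.
        result["stateless_fallthrough"] = not bare_syn
    return result


def report(ipfstat_text, ipmon_lines):
    """Run every ipmon line against the listing and return one result dict per line."""
    table = parse_ipfstat(ipfstat_text)
    results = []
    for line in ipmon_lines:
        entry = parse_ipmon(line)
        if entry is None:
            continue
        r = explain(entry, table)
        r["packet"] = f"{entry['src']}:{entry['sport']} -> {entry['dst']}:{entry['dport']} {entry['proto']}"
        results.append(r)
    return results


if __name__ == "__main__":
    for r in report(IPFSTAT_NIO, IPMON_LINES):
        why = "bare SYN" if r["bare_syn"] else "not a bare SYN, no state matched"
        print(f"{r['packet']:45} {r['rule']} flags -{r['flags']}: {why}; rule: {r['text']}")
```

Run against the listing and log in the mail, this reports that all four packets hit `@0:25 block in log quick proto tcp from any to any`, that each carries ACK (`-AS` or `-A`), and that they were therefore not exempted by `@24 skip 1 in proto tcp from any to any flags S/FSRA`, which jumps over rule 25 only for bare SYNs. An ACK-bearing segment reaches that stateless fallthrough only when no `keep state` entry matched it, so the next thing to check is the SYN that should have created the state and which bridge member it arrived on.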