On Wed, 09 Mar 2005 19:45:30 -0500, Christopher M. Iarocci wrote:

>
> No, I am hitting from the outside. I can supply logs if it will help
> figure out what is wrong. But even if I were hitting FTP from inside,
> it would not explain the often blocked VPN packets I see. Anyone??
>

I'm coming in at the tail end of this, but it sounds like this.

http://m0n0.ch/wall/docbook/faq-legit-traffic-dropped.html

Also see the part on "Reading raw IPFilter logs" here.

http://m0n0.ch/wall/docbook/troubleshooting-firewall-rules.html

-Chris

Hi

I don't want to hijack this thread, but I'm also having a problem with m0n0wall dropping packets I don't think it should.

I have three interfaces, an external (assigned by DHCP) and an internal (private address space), and a DMZ, with the Internal LAN NATing out through the external interface.

Packets from a server on the LAN going to an external address seem to be dropped, despite me having a rule on the firewall>rules>LAN page that explicitly allows all traffic from the LAN subnet to any. I even added another rule above that, explicitly allowing all traffic from this server to go to any, yet the packets are still dropped.

Sample bit of log:

    04:06:20.401658 2x fxp1 @0:17 b 192.168.1.10,1637 -> 155.245.114.241,3495 PR tcp len 20 1500 -A IN
    04:06:20.183178 fxp1 @0:17 b 192.168.1.10,1637 -> x.x.114.241,3495 PR tcp len 20 1500 -AP IN
    04:06:17.969252 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN
    04:06:15.339168 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN
    04:06:14.488747 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN

I've posted my entire status.php in a text file at http://www.erus.co.uk/m0n0wall.txt in case it can shed some light on what is probably my cack-handed attempt at a config :)

I've also read the two URLs given above, and it seems to be catching on the default deny, but I don't see why. Can anybody spell it out for me please?

Thanks

Alex
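Added example, not part of the original thread: a small Python parser for raw IPFilter log records of the kind quoted in Alex's message. It splits each record into interface, rule group and number (the `@0:17` field), action, endpoints, TCP flags and direction, then counts packets per rule. The function and field names are chosen for this example, the action letters follow the ipmon documentation, and the sample records are copied from the post with the first destination masked like the others.

```python
import re
from collections import Counter

# Record layout as seen in the post:
# time [Nx] iface @group:rule action src,sport -> dst,dport PR proto len hlen plen -FLAGS dir
LINE_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?:(?P<count>\d+)x\s+)?"                      # optional repeat prefix, e.g. "2x"
    r"(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>\S)\s+"
    r"(?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+(?P<dst>[^,\s]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s+"
    r"-(?P<flags>[A-Z]+)\s+(?P<dir>IN|OUT)"
)
# Action letters as documented for ipmon.
ACTIONS = {"p": "pass", "b": "block", "L": "log", "S": "short", "n": "nomatch"}

# Records from the post; first destination masked here to match the others.
SAMPLE = """\
04:06:20.401658 2x fxp1 @0:17 b 192.168.1.10,1637 -> x.x.114.241,3495 PR tcp len 20 1500 -A IN
04:06:20.183178 fxp1 @0:17 b 192.168.1.10,1637 -> x.x.114.241,3495 PR tcp len 20 1500 -AP IN
04:06:17.969252 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN
04:06:15.339168 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN
04:06:14.488747 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN
"""

def parse(text):
    """Return one dict per TCP/UDP record; works even if records share one line."""
    records = []
    for m in LINE_RE.finditer(text):
        r = m.groupdict()
        r["count"] = int(r["count"] or 1)
        r["action"] = ACTIONS.get(r["action"], r["action"])
        for k in ("group", "rule", "sport", "dport", "hlen", "plen"):
            r[k] = int(r[k])
        r["syn"] = "S" in r["flags"]   # True only for connection-opening segments
        records.append(r)
    return records

def summarize(records):
    """Packets per (iface, group:rule, action, flags, dir), honouring the Nx prefix."""
    totals = Counter()
    for r in records:
        key = (r["iface"], f'{r["group"]}:{r["rule"]}', r["action"], r["flags"], r["dir"])
        totals[key] += r["count"]
    return totals

if __name__ == "__main__":
    for key, n in summarize(parse(SAMPLE)).most_common():
        print(n, *key)
```

On the records from the post, every entry is a block on fxp1 by rule `@0:17`, inbound on that interface, and none has the SYN flag set.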