 From:  Alex Pimperton <alex at erus dot co dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: m0n0wall blocks packets it should not
 Date:  Thu, 10 Mar 2005 04:19:47 +0000
On Wed, 09 Mar 2005 19:45:30 -0500, Christopher M. Iarocci wrote:
> 
> No, I am hitting from the outside.  I can supply logs if it will help
> figure out what is wrong.  But even if I were hitting FTP from inside,
> it would not explain the often blocked VPN packets I see.  Anyone??
> 

I'm coming in at the tail end of this, but it sounds like this.
http://m0n0.ch/wall/docbook/faq-legit-traffic-dropped.html

Also see the part on "Reading raw IPFilter logs" here.
http://m0n0.ch/wall/docbook/troubleshooting-firewall-rules.html

-Chris

Hi

I don't want to hijack this thread, but I'm also having a problem with 
m0n0wall dropping packets I don't think it should.

I have three interfaces, an external (assigned by DHCP) and an internal 
(private address space), and a DMZ, with the Internal LAN NATing out 
through the external interface.

Packets from a server on the LAN going to an external address seem to be 
dropped, despite me having a rule on the firewall>rules>LAN page that 
explicitly allows all traffic from the LAN subnet to any.

I even added another rule above that, explicitly allowing all traffic 
from this server to go to any, yet the packets are still dropped.

Sample bit of log:

04:06:20.401658 2x fxp1 @0:17 b 192.168.1.10,1637 -> 155.245.114.241,3495 PR tcp len 20 1500 -A IN
04:06:20.183178 fxp1 @0:17 b 192.168.1.10,1637 -> x.x.114.241,3495 PR tcp len 20 1500 -AP IN
04:06:17.969252 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN
04:06:15.339168 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN
04:06:14.488747 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN

I've posted my entire status.php in a text file at 
http://www.erus.co.uk/m0n0wall.txt in case it can shed some light on 
what is probably my cack-handed attempt at a config :)

I've also read the two URLs given above, and it seems to be catching on 
the default deny, but I don't see why.

Can anybody spell it out for me please?

Thanks

Alex
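
Added example (not part of the original message or of m0n0wall): a small Python parser for the raw IPFilter log entries quoted above. It tallies packets by interface, rule and action, and records whether the SYN flag is set, which separates handshake packets from packets of a connection already in progress. The field layout is assumed from the sample lines and covers TCP/UDP entries with ports only; the names parse and summarize are illustrative.

```python
import re
from collections import Counter

# Constructed input: the five entries from the message, each rejoined onto one line.
SAMPLE = """\
04:06:20.401658 2x fxp1 @0:17 b 192.168.1.10,1637 -> 155.245.114.241,3495 PR tcp len 20 1500 -A IN
04:06:20.183178 fxp1 @0:17 b 192.168.1.10,1637 -> x.x.114.241,3495 PR tcp len 20 1500 -AP IN
04:06:17.969252 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN
04:06:15.339168 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN
04:06:14.488747 fxp1 @0:17 b 192.168.1.10,1853 -> x.x.116.63,15186 PR tcp len 20 1500 -A IN
"""

# Action letters used in ipmon output.
ACTIONS = {"p": "pass", "b": "block", "S": "short", "n": "nomatch", "L": "log"}

ENTRY = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?:(?P<count>\d+)x\s+)?"  # optional repeat count, e.g. "2x"
    r"(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S)\s+"
    r"(?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+(?P<dst>[^,\s]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+-(?P<flags>[A-Z]+))?\s+(?P<dir>IN|OUT)\s*$"
)

def parse(line):
    """Return one log entry as a dict, or None if the line is not a TCP/UDP entry."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    e = m.groupdict()
    e["count"] = int(e["count"] or 1)
    e["action"] = ACTIONS.get(e["action"], e["action"])
    e["flags"] = e["flags"] or ""
    e["syn"] = "S" in e["flags"]  # SYN set: handshake packet; clear: mid-connection
    return e

def summarize(text):
    """Count packets per (interface, rule, action, direction, syn)."""
    tally = Counter()
    for line in text.splitlines():
        e = parse(line)
        if e:
            key = (e["iface"], f"@{e['group']}:{e['rule']}", e["action"], e["dir"], e["syn"])
            tally[key] += e["count"]
    return tally

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

On the sample, every entry lands in a single bucket: rule @0:17 on fxp1, blocked inbound, with SYN clear.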