Hi, I'm having problems with m0n0wall dropping packets I don't think it should. I have three interfaces, an external (assigned by DHCP), an internal (private address space), and a DMZ (not used currently), with the internal LAN NATing out through the external interface. Packets from a server on the LAN going to an external address seem to be dropped, despite me having a rule on the firewall>rules>LAN page that explicitly allows all traffic from the LAN subnet to any, and this is the only rule on the LAN page.

Sample bit of log:

15:59:58.483121 fxp1 @0:17 b 192.168.1.10,4535 -> 155.245.115.168,30452 PR tcp len 20 1500 -A IN
15:59:57.618427 fxp1 @0:17 b 192.168.1.10,4496 -> 155.245.127.72,2777 PR tcp len 20 1500 -A IN
15:59:57.609661 fxp1 @0:17 b 192.168.1.10,4521 -> 155.245.109.100,12917 PR tcp len 20 1500 -A IN
15:59:54.522518 2x fxp1 @0:17 b 192.168.1.10,4521 -> 155.245.109.100,12917 PR tcp len 20 1500 -A IN
15:59:54.381221 fxp1 @0:17 b 192.168.1.10,4521 -> 155.245.109.100,12917 PR tcp len 20 1500 -AP IN
15:59:54.218584 fxp1 @0:17 b 192.168.1.10,4535 -> 155.245.115.168,30452 PR tcp len 20 1500 -A IN

Result of ipfstat -nio:

@1 pass out quick on lo0 from any to any
@2 pass out quick on fxp1 proto udp from 192.168.1.1/32 port = 67 to any port = 68
@3 pass out quick on fxp0 proto udp from any port = 68 to any port = 67
@4 pass out quick on fxp1 from any to any keep state
@5 pass out quick on fxp0 from any to any keep state
@6 pass out quick on fxp2 from any to any keep state
@7 block out log quick from any to any
@1 pass in quick on lo0 from any to any
@2 block in log quick from any to any with short
@3 block in log quick from any to any with ipopt
@4 pass in quick on fxp1 proto udp from any port = 68 to 255.255.255.255/32 port = 67
@5 pass in quick on fxp1 proto udp from any port = 68 to 192.168.1.1/32 port = 67
@6 block in log quick on fxp0 from 192.168.1.0/24 to any
@7 block in log quick on fxp0 from 192.168.2.0/24 to any
@8 block in log quick on fxp0 proto udp from any port = 67 to 192.168.1.0/24 port = 68
@9 pass in quick on fxp0 proto udp from any port = 67 to any port = 68
@10 block in log quick on fxp1 from !192.168.1.0/24 to any
@11 block in log quick on fxp2 from !192.168.2.0/24 to any
@12 block in log quick on fxp0 from 10.0.0.0/8 to any
@13 block in log quick on fxp0 from 127.0.0.0/8 to any
@14 block in log quick on fxp0 from 172.16.0.0/12 to any
@15 block in log quick on fxp0 from 192.168.0.0/16 to any
@16 skip 1 in proto tcp from any to any flags S/FSRA
@17 block in log quick proto tcp from any to any
@18 block in log quick on fxp1 from any to any head 100
@1 pass in quick from 192.168.1.0/24 to 192.168.1.1/32 keep state group 100
@2 pass in quick from any to any keep state group 100
@19 block in log quick on fxp0 from any to any head 200
@1 block in quick proto tcp/udp from any port 134 >< 140 to any group 200
@2 block in quick from any to 155.245.127.255/32 group 200
@3 block in quick from any to 255.255.255.255/32 group 200
@4 pass in quick proto tcp from any to any keep state group 200
@5 pass in quick proto tcp from any to 192.168.1.10/32 port = 411 keep state group 200
@6 pass in quick proto tcp from any to 192.168.1.15/32 port = 22 keep state group 200
@7 pass in quick proto tcp from any to 192.168.1.10/32 port = 3389 keep state group 200
@8 pass in quick proto tcp/udp from any to 192.168.1.10/32 port = synoptics-trap keep state group 200
@9 pass in quick proto tcp/udp from any to 192.168.1.10/32 port = innosys keep state group 200
@10 pass in quick proto tcp from any to 192.168.1.20/32 port = 4111 keep state group 200
@20 block in log quick on fxp2 from any to any head 300
@21 block in log quick from any to any

I've read the FAQ pages about legit traffic being dropped, and troubleshooting firewall rules, and as far as I understand the packets are being dropped by the default deny rule, but surely the allow all rule should take preference?

I also tried disabling the "block private networks" option on the LAN interface and this had no effect. Can anybody spell it out for me please?

Regards,
Alex
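Added example (not from the post above or from m0n0wall itself): a small Python script that parses ipmon log lines of the form quoted in the post together with the `ipfstat -nio` listing, and resolves each line's @group:rule tag (here @0:17) to the rule text that produced the verdict, so a blocked packet can be traced to the exact rule rather than guessed at. The log lines and the rule subset embedded below are copied from the post; rules without a "group N" suffix are treated as group 0, which is how ipmon tags them.

```python
import re
# Constructed sample: three ipmon lines and a subset of the ipfstat -nio rules quoted above.
IPMON_LOG = """\
15:59:58.483121 fxp1 @0:17 b 192.168.1.10,4535 -> 155.245.115.168,30452 PR tcp len 20 1500 -A IN
15:59:54.522518 2x fxp1 @0:17 b 192.168.1.10,4521 -> 155.245.109.100,12917 PR tcp len 20 1500 -A IN
15:59:54.381221 fxp1 @0:17 b 192.168.1.10,4521 -> 155.245.109.100,12917 PR tcp len 20 1500 -AP IN
"""
IPFSTAT_NIO = """\
@7 block out log quick from any to any
@16 skip 1 in proto tcp from any to any flags S/FSRA
@17 block in log quick proto tcp from any to any
@18 block in log quick on fxp1 from any to any head 100
@2 pass in quick from any to any keep state group 100
@21 block in log quick from any to any
"""
# ipfstat rule: "@<num> <action> in|out ... [group <g>]"; rules with no group tag belong to group 0
RULE_RE = re.compile(r"^@(\d+)\s+(.*?\b(in|out)\b.*?)(?:\s+group\s+(\d+))?$")
# ipmon line: time [Nx] iface @group:rule b|p src,sport -> dst,dport PR proto ... [-flags] IN|OUT
LOG_RE = re.compile(
    r"^\S+\s+(?:(?P<rep>\d+)x\s+)?(?P<iface>\S+)\s+@(?P<grp>\d+):(?P<num>\d+)\s+"
    r"(?P<act>[bp])\s+(?P<src>\S+),(?P<sport>\d+)\s+->\s+(?P<dst>\S+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\w+).*?(?:\s+(?P<flags>-[A-Z]+))?\s+(?P<dir>IN|OUT)$"
)

def parse_rules(text):
    """Index ipfstat -nio output by (direction, group, rule number) -> rule text."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            num, _body, direction, group = m.groups()
            rules[(direction, int(group or 0), int(num))] = line.strip()
    return rules

def explain_log(log_text, rules):
    """Resolve each ipmon line's @group:rule tag to the rule text that gave the verdict."""
    results = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        key = (m["dir"].lower(), int(m["grp"]), int(m["num"]))
        verdict = "blocked" if m["act"] == "b" else "passed"
        summary = (f"{m['proto']} {m['src']}:{m['sport']} -> {m['dst']}:{m['dport']} "
                   f"flags={m['flags'] or 'none'} {verdict} {m['dir']} on {m['iface']}")
        results.append((summary, rules.get(key)))
    return results

for summary, rule in explain_log(IPMON_LOG, parse_rules(IPFSTAT_NIO)):
    print(summary, "\n   rule:", rule)
```

Feeding it the full listing from the post shows that every logged packet hit inbound rule 17 (group 0), which sits before the group 100 LAN rules in evaluation order.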