 From:  Nemanja Dubravac <pcmaniac at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0 randomly blocking, although rules are set to allow all
 Date:  Tue, 07 Jun 2005 20:42:12 +0200
Behind m0n0, on the LAN side, is a web, pop3 and smtp server, with vnc
control, so the ports 80, 110, 25 and 5900 are forwarded to that server
(192.168.2.149).
When I try to open http://212.62.54.214 with the browser, sometimes
it opens the website, and most of the time it doesn't (must refresh all
the time).
Firewall rules are set to allow ALL traffic, and the "Block private
networks" option on the WAN interface is disabled.
** In short, m0n0 keeps RANDOMLY blocking traffic, mostly on the LAN
interface

*The interfaces*:
LAN  - my0 - 192.168.2.1
WAN - rl0 - dhcp - 212.62.54.214

*NAT rules*:
<nat>
  <advancedoutbound />
  <rule>
    <protocol>tcp/udp</protocol>
    <external-port>25</external-port>
    <target>192.168.2.149</target>
    <local-port>25</local-port>
    <interface>wan</interface>
    <descr>smtp</descr>
  </rule>
  <rule>
    <protocol>tcp/udp</protocol>
    <external-port>80</external-port>
    <target>192.168.2.149</target>
    <local-port>80</local-port>
    <interface>wan</interface>
    <descr>http</descr>
  </rule>
  <rule>
    <protocol>tcp/udp</protocol>
    <external-port>110</external-port>
    <target>192.168.2.149</target>
    <local-port>110</local-port>
    <interface>wan</interface>
    <descr>pop3</descr>
  </rule>
  <rule>
    <protocol>tcp/udp</protocol>
    <external-port>5900</external-port>
    <target>192.168.2.149</target>
    <local-port>5900</local-port>
    <interface>wan</interface>
    <descr>vnc</descr>
  </rule>
</nat>

*Firewall rules*:
<filter>
  <rule>
    <type>pass</type>
    <interface>wan</interface>
    <source>
      <any />
    </source>
    <destination>
      <any />
    </destination>
    <log />
    <frags />
    <descr />
  </rule>
  <rule>
    <type>pass</type>
    <interface>lan</interface>
    <source>
      <any />
    </source>
    <destination>
      <any />
    </destination>
    <log />
    <frags />
    <descr />
  </rule>
  <tcpidletimeout />
  <bypassstaticroutes />
</filter>


*Firewall log*:
20:13:15.107831 ng0 @200:1 p 80.109.15.245,2196 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:13:14.872056 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:14.118326 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:13.586145 rl0 @0:14 b 10.25.3.7,138 -> 10.25.3.255,138 PR udp len
20 229 IN
20:13:13.391527 ng0 @200:1 p 80.109.15.245,2195 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:13.367976 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:12.619640 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:12.519779 ng0 @200:1 p 80.109.15.245,2194 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:11.502297 ng0 @200:1 p 80.109.15.245,2193 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:09.464069 ng0 @200:1 p 80.109.15.245,2191 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:09.102076 ng0 @200:1 p 80.109.15.245,2190 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:07.746301 ng0 @200:1 p 80.109.15.245,2188 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:07.260251 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:06.984630 ng0 @200:1 p 80.109.15.245,2187 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:06.510239 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:06.059813 my0 @0:11 b 192.168.2.149,80 -> 80.109.15.245,2186 PR
tcp len 20 48 -AS IN
20:13:06.051858 ng0 @200:1 p 80.109.15.245,2186 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:05.769665 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:05.614929 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:04.979231 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:04.837570 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:04.228263 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:04.217899 ng0 @200:1 p 80.109.15.245,2184 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:04.087656 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:03.486219 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:03.335246 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:02.586200 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:01.275639 ng0 @200:1 p 80.109.15.245,2183 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:01.273037 ng0 @200:1 p 80.109.15.245,2182 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:58.290928 ng0 @200:1 p 80.109.15.245,2181 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:57.841979 ng0 @200:1 p 80.109.15.245,2180 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:57.490688 ng0 @200:1 p 80.109.15.245,2179 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:57.193049 ng0 @200:1 p 80.109.15.245,2178 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:56.442171 ng0 @200:1 p 80.109.15.245,2177 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:56.418638 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:12:54.867065 2x rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137
PR udp len 20 78 IN
20:12:54.401484 rl0 @0:14 b 192.168.1.1,138 -> 192.168.1.255,138 PR udp
len 20 236 IN
20:12:54.140799 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:12:53.365229 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:12:51.866468 3x rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137
PR udp len 20 78 IN
20:12:51.834682 ng0 @200:1 p 80.109.15.245,2176 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:50.249386 my0 @100:2 p 192.168.2.149,49511 -> 63.146.124.59,28960
PR udp len 20 63 K-S K-F IN
20:12:45.669659 2x rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137
PR udp len 20 78 IN
20:12:44.895864 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:12:44.572064 ng0 @200:1 p 80.109.15.245,2174 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:12:43.957631 ng0 @200:1 p 80.109.15.245,2173 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:12:43.534199 ng0 @200:1 p 80.109.15.245,2172 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:12:43.158638 ng0 @200:1 p 80.109.15.245,2171 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:12:42.773038 ng0 @200:1 p 80.109.15.245,2170 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:12:42.199751 ng0 @200:1 p 80.109.15.245,2169 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN

*Firewall log in HTML*:

(I don't understand why there's a difference between rl0 and WAN interface
in the logs, when they should be the same)

> Act 	Time 	If 	Source 	Destination 	Proto
> Allow 	20:26:23.831525 	WAN 	80.109.15.245, port 2343 	192.168.2.149, 
> port 80 	TCP
> Deny 	20:26:23.539944 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Allow 	20:26:23.330942 	LAN 	192.168.2.149, port 49563 	207.173.177.44, 
> port 1200 	UDP
> Deny 	20:26:23.116282 	LAN 	192.168.2.149, port 80 	80.109.15.245, 
> port 2337 	TCP
> Deny 	20:26:22.941110 	LAN 	192.168.2.149, port 80 	80.109.15.245, 
> port 2341 	TCP
> Allow 	20:26:22.932800 	WAN 	80.109.15.245, port 2341 	192.168.2.149, 
> port 80 	TCP
> Deny x 2 	20:26:21.286271 	rl0 	169.254.248.33, port 137 
> 169.254.255.255, port 137 	UDP
> Deny 	20:26:20.539582 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Deny x 2 	20:26:20.093189 	LAN 	192.168.2.149, port 80 	80.109.15.245, 
> port 2337 	TCP
> Deny 	20:26:19.078246 	rl0 	10.25.3.7, port 137 	10.25.3.255, port 
> 137 	UDP
> Allow 	20:26:17.452387 	WAN 	80.109.15.245, port 2340 	212.62.54.214, 
> port 81 	TCP
> Allow 	20:26:15.837222 	WAN 	80.109.15.245, port 2339 	212.62.54.214, 
> port 81 	TCP
> Deny 	20:26:14.100525 	LAN 	192.168.2.149, port 80 	80.109.15.245, 
> port 2337 	TCP
> Deny 	20:26:13.589348 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Deny 	20:26:12.990442 	rl0 	0.0.0.0, port 68 	255.255.255.255, port 
> 67 	UDP
> Deny 	20:26:12.818607 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Deny x 2 	20:26:11.315572 	rl0 	169.254.248.33, port 137 
> 169.254.255.255, port 137 	UDP
> Allow 	20:26:11.173224 	WAN 	80.109.15.245, port 2337 	192.168.2.149, 
> port 80 	TCP
> Allow 	20:26:10.966891 	WAN 	80.109.15.245, port 2336 	192.168.2.149, 
> port 80 	TCP
> Allow 	20:26:10.665704 	WAN 	80.109.15.245, port 2335 	192.168.2.149, 
> port 80 	TCP
> Deny 	20:26:10.567551 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Deny 	20:26:08.779684 	rl0 	10.1.0.108, port 137 	10.1.0.255, port 
> 137 	UDP
> Deny 	20:26:08.448404 	LAN 	192.168.2.149, port 5900 	80.109.15.245, 
> port 2334 	TCP
> Allow 	20:26:08.438690 	WAN 	80.109.15.245, port 2334 	192.168.2.149, 
> port 5900 	TCP
> Deny 	20:26:08.042060 	rl0 	10.1.0.108, port 137 	10.1.0.255, port 
> 137 	UDP
> Deny 	20:26:07.507245 	LAN 	192.168.2.149, port 5900 	80.109.15.245, 
> port 2333 	TCP
> Allow 	20:26:07.499228 	WAN 	80.109.15.245, port 2333 	192.168.2.149, 
> port 5900 	TCP
> Deny 	20:26:07.251640 	rl0 	10.1.0.108, port 137 	10.1.0.255, port 
> 137 	UDP
> Deny 	20:26:06.512212 	rl0 	10.1.0.108, port 137 	10.1.0.255, port 
> 137 	UDP
> Allow 	20:26:06.505990 	WAN 	80.109.15.245, port 2332 	192.168.2.149, 
> port 5900 	TCP
> Deny 	20:26:05.762609 	rl0 	10.1.0.108, port 137 	10.1.0.255, port 
> 137 	UDP
> Allow 	20:26:05.235757 	WAN 	80.109.15.245, port 2331 	192.168.2.149, 
> port 5900 	TCP
> Deny 	20:26:04.381516 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Deny 	20:26:03.988863 	rl0 	0.0.0.0, port 68 	255.255.255.255, port 
> 67 	UDP
> Deny 	20:26:03.604701 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Deny 	20:26:02.847488 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Allow 	20:26:02.517849 	WAN 	80.109.15.245, port 2329 	192.168.2.149, 
> port 5900 	TCP
> Deny 	20:26:00.605147 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Allow 	20:26:00.528068 	WAN 	80.109.15.245, port 2327 	192.168.2.149, 
> port 80 	TCP
> Allow 	20:26:00.145422 	WAN 	80.109.15.245, port 2326 	192.168.2.149, 
> port 80 	TCP
> Deny 	20:26:00.014335 	rl0 	0.0.0.0, port 68 	255.255.255.255, port 
> 67 	UDP
> Allow 	20:25:59.977383 	WAN 	80.109.15.245, port 2325 	192.168.2.149, 
> port 80 	TCP
> Deny 	20:25:59.606113 	LAN 	192.168.2.149, port 80 	80.109.15.245, 
> port 2324 	TCP
> Allow 	20:25:59.598340 	WAN 	80.109.15.245, port 2324 	192.168.2.149, 
> port 80 	TCP
> Allow 	20:25:58.538848 	WAN 	80.109.15.245, port 2322 	192.168.2.149, 
> port 80 	TCP
> Deny 	20:25:54.375620 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Deny 	20:25:53.638513 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Deny x 2 	20:25:52.191912 	rl0 	169.254.248.33, port 137 
> 169.254.255.255, port 137 	UDP
> Deny 	20:25:51.385370 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Deny 	20:25:50.626833 	rl0 	169.254.248.33, port 137 	169.254.255.255, 
> port 137 	UDP
> Allow 	20:25:49.445180 	WAN 	80.109.15.245, port 2320 	212.62.54.214, 
> port 81 	TCP
>
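
An added example, not part of the original post: a small parser for the raw firewall log lines above that tallies blocked packets per interface and rule, and lists blocked packets that are the exact reverse of a connection the firewall passed. The field reading (p = passed, b = blocked, @group:rule, "Nx" = repeat count) is assumed from the ipfilter ipmon log format, and the function names are illustrative.

```python
import re
from collections import Counter

# Assumed ipmon layout: time [Nx] iface @group:rule action src,port -> dst,port PR proto len ...
LINE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?:(?P<count>\d+)x\s+)?(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>[pb])\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+\d+\s+\d+(?:\s+-(?P<flags>[A-Z]+))?"
)

# Entries copied from the log in the post, with the e-mail line wraps re-joined.
SAMPLE = """\
20:13:06.984630 ng0 @200:1 p 80.109.15.245,2187 -> 192.168.2.149,80 PR tcp len 20 60 -S K-S K-F IN
20:13:06.510239 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len 20 78 IN
20:13:06.059813 my0 @0:11 b 192.168.2.149,80 -> 80.109.15.245,2186 PR tcp len 20 48 -AS IN
20:13:06.051858 ng0 @200:1 p 80.109.15.245,2186 -> 192.168.2.149,80 PR tcp len 20 60 -S K-S K-F IN
20:12:54.867065 2x rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR udp len 20 78 IN
"""

def parse(text):
    """Return one dict per recognised log line; unparseable lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["count"] = int(e["count"] or 1)
            out.append(e)
    return out

def blocked_by_rule(entries):
    """Count blocked packets per (interface, group:rule), honouring 'Nx' repeats."""
    c = Counter()
    for e in entries:
        if e["action"] == "b":
            c[(e["iface"], f'{e["group"]}:{e["rule"]}')] += e["count"]
    return c

def blocked_replies(entries):
    """Blocked packets that are the exact reverse of a flow passed elsewhere in the log."""
    passed = {(e["src"], e["sport"], e["dst"], e["dport"]) for e in entries if e["action"] == "p"}
    return [e for e in entries if e["action"] == "b"
            and (e["dst"], e["dport"], e["src"], e["sport"]) in passed]

if __name__ == "__main__":
    entries = parse(SAMPLE)
    print(blocked_by_rule(entries))
    print([(e["time"], e["iface"], e["flags"]) for e in blocked_replies(entries)])
```

On the sample, the only blocked reply is the SYN-ACK from 192.168.2.149 port 80 on my0, logged 8 ms after the matching SYN was passed on ng0.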