 
 From:  "SOinfo.org" <pcmaniac at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Fwd: [m0n0wall] m0n0 randomly blocking, although rules are set to allow all
 Date:  Wed, 8 Jun 2005 23:39:00 +0200
Behind m0n0, on the LAN side, is a web, POP3 and SMTP server that is
controlled over VNC, so ports 80, 110, 25 and 5900 are forwarded to that
server (192.168.2.149).
When I try to open http://212.62.54.214 in a browser, it sometimes
loads the website, but most of the time it doesn't (I have to keep
refreshing).
Firewall rules are set to allow ALL traffic, and the "Block private
networks" option on the WAN interface is disabled.
** In short, m0n0 keeps RANDOMLY blocking traffic, mostly on the LAN
interface

*The interfaces*:
LAN  - my0 - 192.168.2.1
WAN - rl0 - dhcp - 212.62.54.214

*NAT rules*:
- <nat>
  <advancedoutbound />
- <rule>
  <protocol>tcp/udp</protocol>
  <external-port>25</external-port>
  <target>192.168.2.149</target>
  <local-port>25</local-port>
  <interface>wan</interface>
  <descr>smtp</descr>
  </rule>
- <rule>
  <protocol>tcp/udp</protocol>
  <external-port>80</external-port>
  <target>192.168.2.149</target>
  <local-port>80</local-port>
  <interface>wan</interface>
  <descr>http</descr>
  </rule>
- <rule>
  <protocol>tcp/udp</protocol>
  <external-port>110</external-port>
  <target>192.168.2.149</target>
  <local-port>110</local-port>
  <interface>wan</interface>
  <descr>pop3</descr>
  </rule>
- <rule>
  <protocol>tcp/udp</protocol>
  <external-port>5900</external-port>
  <target>192.168.2.149</target>
  <local-port>5900</local-port>
  <interface>wan</interface>
  <descr>vnc</descr>
  </rule>
  </nat>

*Firewall rules*:
- <filter>
- <rule>
  <type>pass</type>
  <interface>wan</interface>
- <source>
  <any />
  </source>
- <destination>
  <any />
  </destination>
  <log />
  <frags />
  <descr />
  </rule>
- <rule>
  <type>pass</type>
  <interface>lan</interface>
- <source>
  <any />
  </source>
- <destination>
  <any />
  </destination>
  <log />
  <frags />
  <descr />
  </rule>
  <tcpidletimeout />
  <bypassstaticroutes />
  </filter>


*Firewall log*:
20:13:15.107831 ng0 @200:1 p 80.109.15.245,2196 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:13:14.872056 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:14.118326 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:13.586145 rl0 @0:14 b 10.25.3.7,138 -> 10.25.3.255,138 PR udp len
20 229 IN
20:13:13.391527 ng0 @200:1 p 80.109.15.245,2195 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:13.367976 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:12.619640 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:12.519779 ng0 @200:1 p 80.109.15.245,2194 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:11.502297 ng0 @200:1 p 80.109.15.245,2193 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:09.464069 ng0 @200:1 p 80.109.15.245,2191 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:09.102076 ng0 @200:1 p 80.109.15.245,2190 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:07.746301 ng0 @200:1 p 80.109.15.245,2188 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:07.260251 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:06.984630 ng0 @200:1 p 80.109.15.245,2187 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:06.510239 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:06.059813 my0 @0:11 b 192.168.2.149,80 -> 80.109.15.245,2186 PR
tcp len 20 48 -AS IN
20:13:06.051858 ng0 @200:1 p 80.109.15.245,2186 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:05.769665 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:05.614929 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:04.979231 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:04.837570 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:04.228263 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:04.217899 ng0 @200:1 p 80.109.15.245,2184 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:04.087656 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:03.486219 rl0 @0:14 b 10.1.0.108,137 -> 10.1.0.255,137 PR udp len
20 78 IN
20:13:03.335246 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:02.586200 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:13:01.275639 ng0 @200:1 p 80.109.15.245,2183 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:13:01.273037 ng0 @200:1 p 80.109.15.245,2182 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:58.290928 ng0 @200:1 p 80.109.15.245,2181 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:57.841979 ng0 @200:1 p 80.109.15.245,2180 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:57.490688 ng0 @200:1 p 80.109.15.245,2179 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:57.193049 ng0 @200:1 p 80.109.15.245,2178 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:56.442171 ng0 @200:1 p 80.109.15.245,2177 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:56.418638 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:12:54.867065 2x rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137
PR udp len 20 78 IN
20:12:54.401484 rl0 @0:14 b 192.168.1.1,138 -> 192.168.1.255,138 PR udp
len 20 236 IN
20:12:54.140799 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:12:53.365229 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:12:51.866468 3x rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137
PR udp len 20 78 IN
20:12:51.834682 ng0 @200:1 p 80.109.15.245,2176 -> 192.168.2.149,80 PR
tcp len 20 60 -S K-S K-F IN
20:12:50.249386 my0 @100:2 p 192.168.2.149,49511 -> 63.146.124.59,28960
PR udp len 20 63 K-S K-F IN
20:12:45.669659 2x rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137
PR udp len 20 78 IN
20:12:44.895864 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
udp len 20 78 IN
20:12:44.572064 ng0 @200:1 p 80.109.15.245,2174 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:12:43.957631 ng0 @200:1 p 80.109.15.245,2173 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:12:43.534199 ng0 @200:1 p 80.109.15.245,2172 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:12:43.158638 ng0 @200:1 p 80.109.15.245,2171 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:12:42.773038 ng0 @200:1 p 80.109.15.245,2170 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN
20:12:42.199751 ng0 @200:1 p 80.109.15.245,2169 -> 212.62.54.214,81 PR
tcp len 20 60 -S K-S K-F IN

*Firewall log in HTML*:

(I don't understand why the logs show a difference between rl0 and the
WAN interface, when they should be the same.)

> Act   Time    If      Source  Destination     Proto
> Allow         20:26:23.831525         WAN     80.109.15.245, port 2343        192.168.2.149,
> port 80       TCP
> Deny  20:26:23.539944         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Allow         20:26:23.330942
>       LAN
>       192.168.2.149, port 49563
>       207.173.177.44, port 1200
>       UDP
> Deny  20:26:23.116282         LAN     192.168.2.149, port 80  80.109.15.245,
> port 2337     TCP
> Deny  20:26:22.941110         LAN     192.168.2.149, port 80  80.109.15.245,
> port 2341     TCP
> Allow         20:26:22.932800         WAN     80.109.15.245, port 2341        192.168.2.149,
> port 80       TCP
> Deny x 2      20:26:21.286271         rl0     169.254.248.33, port 137
> 169.254.255.255, port 137     UDP
> Deny  20:26:20.539582         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Deny x 2      20:26:20.093189         LAN     192.168.2.149, port 80  80.109.15.245,
> port 2337     TCP
> Deny  20:26:19.078246         rl0     10.25.3.7, port 137     10.25.3.255, port
> 137   UDP
> Allow         20:26:17.452387         WAN     80.109.15.245, port 2340        212.62.54.214,
> port 81       TCP
> Allow         20:26:15.837222         WAN     80.109.15.245, port 2339        212.62.54.214,
> port 81       TCP
> Deny  20:26:14.100525         LAN     192.168.2.149, port 80  80.109.15.245,
> port 2337     TCP
> Deny  20:26:13.589348         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Deny  20:26:12.990442         rl0     0.0.0.0, port 68        255.255.255.255, port
> 67    UDP
> Deny  20:26:12.818607         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Deny x 2      20:26:11.315572         rl0     169.254.248.33, port 137
> 169.254.255.255, port 137     UDP
> Allow         20:26:11.173224         WAN     80.109.15.245, port 2337        192.168.2.149,
> port 80       TCP
> Allow         20:26:10.966891         WAN     80.109.15.245, port 2336        192.168.2.149,
> port 80       TCP
> Allow         20:26:10.665704         WAN     80.109.15.245, port 2335        192.168.2.149,
> port 80       TCP
> Deny  20:26:10.567551         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Deny  20:26:08.779684         rl0     10.1.0.108, port 137    10.1.0.255, port
> 137   UDP
> Deny  20:26:08.448404         LAN     192.168.2.149, port 5900        80.109.15.245,
> port 2334     TCP
> Allow         20:26:08.438690         WAN     80.109.15.245, port 2334        192.168.2.149,
> port 5900     TCP
> Deny  20:26:08.042060         rl0     10.1.0.108, port 137    10.1.0.255, port
> 137   UDP
> Deny  20:26:07.507245         LAN     192.168.2.149, port 5900        80.109.15.245,
> port 2333     TCP
> Allow         20:26:07.499228         WAN     80.109.15.245, port 2333        192.168.2.149,
> port 5900     TCP
> Deny  20:26:07.251640         rl0     10.1.0.108, port 137    10.1.0.255, port
> 137   UDP
> Deny  20:26:06.512212         rl0     10.1.0.108, port 137    10.1.0.255, port
> 137   UDP
> Allow         20:26:06.505990         WAN     80.109.15.245, port 2332        192.168.2.149,
> port 5900     TCP
> Deny  20:26:05.762609         rl0     10.1.0.108, port 137    10.1.0.255, port
> 137   UDP
> Allow         20:26:05.235757         WAN     80.109.15.245, port 2331        192.168.2.149,
> port 5900     TCP
> Deny  20:26:04.381516         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Deny  20:26:03.988863         rl0     0.0.0.0, port 68        255.255.255.255, port
> 67    UDP
> Deny  20:26:03.604701         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Deny  20:26:02.847488         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Allow         20:26:02.517849         WAN     80.109.15.245, port 2329        192.168.2.149,
> port 5900     TCP
> Deny  20:26:00.605147         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Allow         20:26:00.528068         WAN     80.109.15.245, port 2327        192.168.2.149,
> port 80       TCP
> Allow         20:26:00.145422         WAN     80.109.15.245, port 2326        192.168.2.149,
> port 80       TCP
> Deny  20:26:00.014335         rl0     0.0.0.0, port 68        255.255.255.255, port
> 67    UDP
> Allow         20:25:59.977383         WAN     80.109.15.245, port 2325        192.168.2.149,
> port 80       TCP
> Deny  20:25:59.606113         LAN     192.168.2.149, port 80  80.109.15.245,
> port 2324     TCP
> Allow         20:25:59.598340         WAN     80.109.15.245, port 2324        192.168.2.149,
> port 80       TCP
> Allow         20:25:58.538848         WAN     80.109.15.245, port 2322        192.168.2.149,
> port 80       TCP
> Deny  20:25:54.375620         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Deny  20:25:53.638513         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Deny x 2      20:25:52.191912         rl0     169.254.248.33, port 137
> 169.254.255.255, port 137     UDP
> Deny  20:25:51.385370         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Deny  20:25:50.626833         rl0     169.254.248.33, port 137        169.254.255.255,
> port 137      UDP
> Allow         20:25:49.445180         WAN     80.109.15.245, port 2320        212.62.54.214,
> port 81       TCP