 From:  "SOinfo.org" <pcmaniac at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0 randomly blocking, although rules are set to allow all
 Date:  Thu, 9 Jun 2005 02:17:11 +0200
On 6/9/05, Chris Buechler <cbuechler at gmail dot com> wrote:
> 
> From the LAN side or WAN side?
> 
From the WAN side

> 
> >
> > *Firewall log*:
> 
> the majority of this is legit dropped traffic.  Doesn't match an allow
> rule on the WAN side so it gets dropped.

How come it is legit?
For example: Deny  20:26:23.116282         LAN     192.168.2.149, port 80  80.109.15.245,
Both If (LAN & WAN) are set to allow ALL traffic.

And what is even more interesting is that most of the time that
traffic (http from the .149 webserver) gets blocked, but *sometimes*
it doesn't (so I can open the web page from the outside).
 
> The only legit traffic I see getting dropped is by rule @200:1.  What
> rule is that?  See
> http://m0n0.ch/wall/docbook/troubleshooting-firewall-rules.html
> 

At the moment I don't have access to m0n0 (friend's computer), so
I will get the answer later.
But there are only 2 rules I set:
If: WAN; Proto: *; Source: *; Port: *; Destination: *; Port: *;
If: LAN; Proto: *; Source: *; Port: *; Destination: *; Port: *;