 From:  "Sean Carolan" <scarolan at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0wall blocking traffic, even though there's no rule!
 Date:  Mon, 12 Jun 2006 18:00:54 -0500
Maybe someone can help me with this situation.  I'm trying to
configure an IP phone to be able to connect to its VoIP server within
our company network.  So the phone server is behind the m0n0wall
firewall at work, while the IP phone is at my house, connected via DMZ
to my Netgear router.

When I plug in the phone, it initializes and attempts to connect to
the server at work.  I have set up the following NAT and firewall
entries to forward phone traffic to the phone server:

NAT ENTRIES
TCP   *   *   192.168.1.132   5566   NAT Intertel Phone System
UDP   *   *   192.168.1.132   5567   NAT Intertel Phone System 2

RULES
TCP   *   *   192.168.1.132   5566   NAT Intertel Phone System
UDP   *   *   192.168.1.132   5567   NAT Intertel Phone System 2

Ok, if you're with me so far here is the problem we are experiencing.
While watching the logs I noticed that traffic is being blocked from
the phone server on the LAN interface.  It's blocking source port 5566
with destination port 1028.   This is the blocked packet from the log:

17:53:43.462221   LAN   192.168.1.132, port 5566   myaddresshere, port 1028   TCP

I don't understand why it's being blocked.  Here are the two rules I
have set up for the LAN interface.  The first rule blocks any computer
except our mailserver from using outbound port 25.  The second rule is
supposed to let all other outbound traffic through the LAN interface.

TCP   ! 192.168.1.102   *   *   25 (SMTP)   Reject SMTP from other than Stegosaurus
*     *                 *   *   *           Default LAN -> Let other outbound traffic through

Any idea what's going on here???

thanks


Sean


-- 
My new email address is scarolan at gmail dot com - please update your address book!