 From:  "Sean Carolan" <scarolan at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0wall blocking packets even though there's no rule
 Date:  Tue, 13 Jun 2006 10:42:05 -0500
I tried to post this yesterday, but it didn't make it onto the list.
Let me try again and see if it goes through:

Maybe someone can help me with this situation.  I'm trying to
configure an IP phone to be able to connect to its voip server within
our company network.  So the phone server is behind the m0n0wall
firewall at work, while the IP phone is at my house, connected via DMZ
to my netgear router.

When I plug in the phone, it initializes and attempts to connect to
the server at work.  I have set up the following NAT and firewall
entries to forward phone traffic to the phone server:

NAT ENTRIES
TCP     *       *       192.168.1.132   5566    NAT Intertel Phone System
UDP     *       *       192.168.1.132   5567    NAT Intertel Phone System 2

RULES
TCP     *       *       192.168.1.132   5566    NAT Intertel Phone System
UDP     *       *       192.168.1.132   5567    NAT Intertel Phone System 2

Ok, if you're with me so far here is the problem we are experiencing.
While watching the logs I noticed that traffic is being blocked from
the phone server on the LAN interface.  It's blocking source port 5566
with destination port 1028.   This is the blocked packet from the log:

17:53:43.462221   LAN    192.168.1.132, port 5566  myaddresshere, port 1028     TCP

I don't understand why it's being blocked.  Here are the two rules I
have set up for the LAN interface.  The first rule blocks any computer
except our mailserver from using outbound port 25.  The second rule is
supposed to let all other outbound traffic through the LAN interface.

TCP     ! 192.168.1.102   *       *       25 (SMTP)   Reject SMTP from other than Stegosaurus
*       *                 *       *       *           Default LAN -> Let other outbound traffic through

Any idea what's going on here???

thanks


Sean

-- 
My new email address is scarolan at gmail dot com - please update your address book!
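
As an added example (not part of the original post and not m0n0wall code), the following models the two LAN rules as listed and checks the logged packet against them. It assumes first-match evaluation and a block when no rule matches; the destination 203.0.113.10 is a constructed stand-in for the elided home address, and the `Rule`, `Packet`, `matches` and `evaluate` names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str               # "pass" or "reject"
    proto: Optional[str]      # None means any protocol (*)
    src: Optional[str]        # host or network; None means any source (*)
    src_negated: bool         # True models the "!" in front of the source
    dst_port: Optional[int]   # None means any destination port (*)
    descr: str

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    src_port: int
    dst: str
    dst_port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.src is not None:
        inside = ip_address(pkt.src) in ip_network(rule.src)
        if inside == rule.src_negated:   # "! host" matches everything except host
            return False
    return rule.dst_port is None or rule.dst_port == pkt.dst_port

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    # Assumption: the first matching rule decides; nothing matching means block.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.descr
    return "block", "no rule matched"

# The two LAN rules as listed in the post, in the order given.
LAN_RULES = [
    Rule("reject", "TCP", "192.168.1.102", True, 25, "Reject SMTP from other than Stegosaurus"),
    Rule("pass", None, None, False, None, "Default LAN -> Let other outbound traffic through"),
]

# Logged packet; 203.0.113.10 is a constructed stand-in for "myaddresshere".
LOGGED = Packet("TCP", "192.168.1.132", 5566, "203.0.113.10", 1028)

if __name__ == "__main__":
    print(evaluate(LAN_RULES, LOGGED))
```

Under this model the logged packet falls through the SMTP reject (destination port 1028, not 25) and matches the default pass rule, so the two listed rules alone do not account for the log entry.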