 From:  Tim Korves <tkml at cluster dash worxx dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  M0n0 blocks a request from external to internal, but it's stated allowed
 Date:  Fri, 16 Feb 2007 13:09:31 +0100
Hi all,

I'm facing a problem, which I can't understand anymore... I have several 
rules in my WAN-IF firewall page which are allowing several services to 
the internal network (all with official IPs). Each rule is working fine, 
except for one: the rule to our proxy, which customers of ours should be 
able to use... If someone tries to connect to the proxy (port 80), the 
request gets blocked, even if there's a special rule for allowing this 
traffic. I played around with fragmented packets (allowing them), but 
this still doesn't work... Here is the rule and the blocking message in 
the logs:

Rule: Allow TCP traffic from anywhere to IP 194.77.75.xxx with port 80
Message: Feb 16 13:08:17 m0n0wall ipmon[82]: 13:08:17.049028 ng0 @200:67 
b 195.xx.235.xx,60217 -> 194.77.75.xxx,80 PR tcp len 20 48 -S IN

Has anyone got an idea? Internally, the proxy's running just fine, but 
traffic from the outside gets blocked by m0n0... :-(