 From:  Tim Korves <tkml at cluster dash worxx dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] M0n0 blocks a request from external to internal, but it's stated allowed
 Date:  Fri, 16 Feb 2007 13:12:57 +0100
Hi there,

> I'm facing a problem, which I can't understand anymore... I have several 
> rules in my WAN-IF firewall page which are allowing several services to 
> the internal network (all with official IPs). Each rule is working fine, 
> except for one: The rule to our proxy which customers of ours should be 
> able to use... If someone tries to connect to the proxy (Port 80), the 
> request gets blocked, even if there's a special rule for allowing this 
> traffic. I played around with fragmented packets (allowing them), but 
> this still doesn't work... Here is the rule and the blocking message in 
> the logs:
> Rule: Allow TCP traffic from anywhere to IP 194.77.75.xxx with port 80
> Message: Feb 16 13:08:17 m0n0wall ipmon[82]: 13:08:17.049028 ng0 @200:67 
> b 195.xx.235.xx,60217 -> 194.77.75.xxx,80 PR tcp len 20 48 -S IN
> Anyone has got an idea? Internally, the proxy's running just fine, but 
> traffic from the outside gets blocked by m0n0... :-(

Tried it with a second rule to another new host, same problem... :-( But 
I can't see any differences to rules which are working just fine... Any