 From:  Manuel Kasper <mk at neon1 dot net>
 To:  gr at redskycom dot net
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PACKETS BLOCKED - NO RULE SET
 Date:  Thu, 11 Mar 2004 12:53:15 +0100
On 11.03.2004 09:21 +0100 gr at redskycom dot net wrote:

> I just reset to factory settings and without putting any rule or
> change the mono started blocking some packets as displayed in the
> log: Why????
>
> Last 50 firewall log entries
> 
> 08:04:56.435774 sis1 @0:13 b 192.168.0.1 -> 192.168.0.5 PR icmp len 20 60 icmp echo/0 IN

OK, so sis1 is your WAN interface and 192.168.0.0/24 the WAN subnet.
You'll have to disable the "Block private networks" options on the
WAN interface setup page. By default RFC 1918 networks are blocked on
WAN.

> 08:07:33.554834 sis1 @0:15 b 207.46.106.2,1863 -> 192.168.0.5,19157 PR tcp len 20 41 -A IN
> 08:07:38.477296 sis1 @0:15 b 207.46.106.2,1863 -> 192.168.0.5,19157 PR tcp len 20 41 -A IN
> 08:07:43.509182 sis1 @0:15 b 207.46.106.2,1863 -> 192.168.0.5,19157 PR tcp len 20 41 -A IN
> 08:07:48.541062 sis1 @0:15 b 207.46.106.2,1863 -> 192.168.0.5,19157 PR tcp len 20 41 -A IN

As for these log entries - since they're not SYN packets, I assume
that you rebooted your m0n0wall while some TCP connection was still
established between one of your LAN clients and an Internet host, and
now that Internet host is trying to send some data to your client but
m0n0wall blocks it because there's no corresponding entry in the
state table. That's perfectly normal behavior with stateful packet
filtering - if you reboot your firewall and therefore lose the
contents of the state table, all established connections will be
broken. On the other hand, stateful packet filtering is considered to
be more secure than stateless filtering.

- Manuel
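As an added example (not part of this thread and not m0n0wall's own code), the Python below parses firewall log lines in the ipmon format quoted above and sorts each blocked entry into the two explanations Manuel gives (RFC 1918 source arriving on WAN; non-SYN TCP segment with no state table entry) or an ordinary default-deny block. The WAN interface name `sis1` is taken from the thread; the third sample line is a constructed SYN for comparison.

```python
import ipaddress
import re

# Constructed sample in m0n0wall's (ipmon) firewall log format: the two kinds of
# entries quoted in the thread plus one made-up inbound SYN for comparison.
SAMPLE_LOG = """\
08:04:56.435774 sis1 @0:13 b 192.168.0.1 -> 192.168.0.5 PR icmp len 20 60 icmp echo/0 IN
08:07:33.554834 sis1 @0:15 b 207.46.106.2,1863 -> 192.168.0.5,19157 PR tcp len 20 41 -A IN
08:09:01.000000 sis1 @0:15 b 203.0.113.7,40000 -> 192.168.0.5,22 PR tcp len 20 60 -S IN
"""

WAN_IF = "sis1"  # assumption: the WAN interface, as identified in the thread

# RFC 1918 space, which the "Block private networks" option drops on WAN by default
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>[bp])\s+"
    r"(?P<src>[^,\s]+)(?:,(?P<sport>\d+))?\s+->\s+(?P<dst>[^,\s]+)(?:,(?P<dport>\d+))?\s+"
    r"PR\s+(?P<proto>\w+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s*(?P<rest>.*?)\s+(?P<dir>IN|OUT)$"
)


def parse_line(line):
    """Parse one ipmon log line into a dict of fields, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Explain why a blocked ('b') entry was most likely dropped."""
    if entry["action"] != "b":
        return "passed"
    src = ipaddress.ip_address(entry["src"])
    if entry["iface"] == WAN_IF and entry["dir"] == "IN" and any(src in n for n in RFC1918):
        return "private-source-on-wan"  # "Block private networks" is enabled on WAN
    if entry["proto"] == "tcp":
        # ipmon prints TCP flags as '-' followed by letters, e.g. '-A', '-S', '-AP'
        flags = entry["rest"][1:] if entry["rest"].startswith("-") else ""
        if "S" not in flags:
            return "tcp-no-state"  # mid-connection segment with no state entry (e.g. after a reboot)
    return "default-deny"  # ordinary block: no rule allowed this packet


def analyze(log_text):
    """Return [(timestamp, classification)] for every parseable line in the log."""
    entries = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [(e["ts"], classify(e)) for e in entries if e]


if __name__ == "__main__":
    for ts, why in analyze(SAMPLE_LOG):
        print(ts, why)
```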