The rule causing the problems I believe is this one:

@15 block in log quick proto tcp from any to any

Now I'm sure that rule is there for a reason, and therefore I shouldn't just go and take it out. No matter what ports I set a rule for the packets to pass through though, they keep getting blocked! Why does it keep blocking http traffic? Below are some of the logs.

Here's an example of the kind of logs I'm getting:

Jun 22 14:10:03 m0n0wall ipmon[57]: 14:10:02.505270 ng0 @0:15 b 65.61.220.204,80 -> 69.29.133.211,7478 PR tcp len 20 40 -AF IN
Jun 22 14:10:06 m0n0wall ipmon[57]: 14:10:06.087642 ng0 @0:15 b 66.28.242.50,80 -> 192.168.0.2,3621 PR tcp len 20 1420 -A IN
Jun 22 14:10:15 m0n0wall ipmon[57]: 14:10:14.495634 ng0 @0:15 b 65.61.220.204,80 -> 69.29.133.211,7478 PR tcp len 20 40 -AF IN
Jun 22 14:10:38 m0n0wall ipmon[57]: 14:10:38.512460 ng0 @0:15 b 65.61.220.204,80 -> 69.29.133.211,7478 PR tcp len 20 40 -AF IN
Jun 22 14:11:27 m0n0wall ipmon[57]: 14:11:26.511299 ng0 @0:15 b 65.61.220.204,80 -> 69.29.133.211,7478 PR tcp len 20 40 -AF IN
Jun 22 14:11:55 m0n0wall ipmon[57]: 14:11:54.954259 ng0 @0:15 b 208.255.43.151,80 -> 192.168.0.10,2748 PR tcp len 20 43 -AR IN
Jun 22 14:11:55 m0n0wall ipmon[57]: 14:11:54.954559 ng0 @0:15 b 208.255.43.151,80 -> 192.168.0.10,2749 PR tcp len 20 43 -AR IN
Jun 22 14:12:47 m0n0wall ipmon[57]: 14:12:47.798236 ng0 @0:15 b 209.66.118.161,80 -> 192.168.0.17,1765 PR tcp len 20 421 -AP IN

It also happens when I download onto a computer outside the network from my web server on the network:

Jun 22 20:59:41 m0n0wall ipmon[57]: 20:59:41.283439 7x rl0 @0:15 b 192.168.0.2,80 -> 165.95.7.5,9533 PR tcp len 20 1420 -A IN
Jun 22 20:59:49 m0n0wall ipmon[57]: 20:59:49.080704 7x rl0 @0:15 b 192.168.0.2,80 -> 165.95.7.5,9533 PR tcp len 20 1420 -A IN
Jun 22 21:00:05 m0n0wall ipmon[57]: 21:00:05.346655 7x rl0 @0:15 b 192.168.0.2,80 -> 165.95.7.5,9533 PR tcp len 20 1420 -A IN
Jun 22 21:00:13 m0n0wall ipmon[57]: 21:00:13.078911 7x rl0 @0:15 b 192.168.0.2,80 -> 165.95.7.5,9533 PR tcp len 20 1420 -A IN
Jun 22 21:00:30 m0n0wall ipmon[57]: 21:00:29.256202 7x rl0 @0:15 b 192.168.0.2,80 -> 165.95.7.5,9533 PR tcp len 20 1420 -A IN

One more thing I guess I should mention is it doesn't seem to block ALL the traffic. I mean, I can still get web pages and I can still download from my webserver from remote locations. If I try to download a large file from a web server though it eventually times out.

There is probably a really common solution that I'm just overlooking, or I might just have something set up wrong. I admit my n00bness :-(. Help?

Thanks.
-Evan Talley
grime at forbiddenninja dot com
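
An added example, not part of the original post: a small Python parser for ipmon lines in the layout quoted above, tallying packets blocked by rule 15 per flow and TCP flag set. The function names are made up for illustration, the sample lines are copied from the post, and reading the "7x" token as ipmon's repeat count is an assumption.

```python
import re
from collections import Counter

# Sample lines copied from the post above (not new data).
SAMPLE = """\
Jun 22 14:10:03 m0n0wall ipmon[57]: 14:10:02.505270 ng0 @0:15 b 65.61.220.204,80 -> 69.29.133.211,7478 PR tcp len 20 40 -AF IN
Jun 22 14:11:55 m0n0wall ipmon[57]: 14:11:54.954259 ng0 @0:15 b 208.255.43.151,80 -> 192.168.0.10,2748 PR tcp len 20 43 -AR IN
Jun 22 20:59:41 m0n0wall ipmon[57]: 20:59:41.283439 7x rl0 @0:15 b 192.168.0.2,80 -> 165.95.7.5,9533 PR tcp len 20 1420 -A IN
"""

# Field layout as it appears in the quoted log lines; the optional "7x" token
# is treated as ipmon's repeat count for identical packets (assumption).
LINE_RE = re.compile(
    r"ipmon\[\d+\]: (?P<time>\S+) (?:(?P<count>\d+)x )?(?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR tcp len (?P<hlen>\d+) (?P<plen>\d+) -(?P<flags>[A-Z]+) (?P<dir>IN|OUT)"
)


def parse_line(line):
    """Return a dict of fields for one ipmon TCP log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"] or 1)
    rec["rule"] = int(rec["rule"])
    rec["plen"] = int(rec["plen"])
    return rec


def summarize_blocks(text, rule=15):
    """Tally packets blocked by `rule` per (iface, src, dst, flags); also count those without SYN."""
    flows, total, without_syn = Counter(), 0, 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "b" or rec["rule"] != rule:
            continue
        key = (rec["iface"], f"{rec['src']}:{rec['sport']}",
               f"{rec['dst']}:{rec['dport']}", rec["flags"])
        flows[key] += rec["count"]
        total += rec["count"]
        if "S" not in rec["flags"]:
            without_syn += rec["count"]
    return flows, total, without_syn


if __name__ == "__main__":
    flows, total, without_syn = summarize_blocks(SAMPLE)
    for (iface, src, dst, flags), n in flows.most_common():
        print(f"{n:3d}  {iface:4s} {src} -> {dst}  flags={flags}")
    print(f"{without_syn}/{total} blocked packets carry no SYN flag")
```

Every quoted line carries a flag set of A, AF, AR or AP, so the tally shows the blocked packets are all mid-connection segments rather than new connection attempts.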