News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  Firewall/NAT
linktree Topic: Strange behavior
Pages: [1]
Topic: Strange behavior  (Read 1923 times)
« on: January 25, 2010, 03:13:49 »
MattR *
Posts: 2
Hi,

I am getting strange behavior with v1.3. Here is the configuration:

Net1 --LAN-- FW1 --WAN-- Net2
Net1 --WAN-- FW2 --LAN-- Net3

* WAN/LAN rules on both firewalls are any > any
* Net1 default route via FW1 to Net2
* FW1 has a static route to Net3
* Tick Advanced > Bypass firewall rules for traffic on the same interface option on both firewalls
* Log all packets

When I ping from 10.0.0.1 on Net1 to 10.1.0.1 on Net3 it routes via FW1 as expected. Ping is successful, but the FW1 logs blocked ICMP packets from FW1 (10.0.0.254) to the 10.0.0.1. Example below:

Block LAN 10.0.0.254 10.0.0.1, type redirect/host ICMP

Yet the firewall also logs other packets as being passed. For example:

Pass LAN 10.0.0.2, port 138 10.0.0.255, port 138 UDP

Conclusion - It seems that some packets are being logged as blocked when they are not. (Perhaps just ICMP).

Any help would be appreciated.

Cheers,
Matt
« Reply #1 on: January 25, 2010, 03:19:57 »
MattR *
Posts: 2
Some additional observations:

Microsoft AD DS traffic from Net3 to Net1 via FW2 is successful, but FW2 logs the following (notice the timestamps) One packet is logged as passed and the next is logged as blocked.

Block 12:45:52.129238 LAN 10.1.0.1, port 10148 10.0.0.1, port 445 TCP
Pass 12:45:51.944064 LAN 10.1.0.1, port 19132 10.0.0.1, port 445 TCP

Cheers,
MattR
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines