I have m0n0wall configured in a store with two LAN interfaces and one WAN interface. The network configuration looks like this:
Cable Modem -> M0n0wall -> LAN1 - 192.168 network
                        -> LAN2 - 172.16 network
Both LAN1 and LAN2 have rules that permit all outbound traffic from their networks to anywhere.
However, I'm seeing log entries like this (about 12 in 15 minutes):
x 19:57:27.121571 LAN2 172.16.0.199, port 1863 65.118.49.32, port 443 TCP
I'm very worried because this is a credit card processing system for the store. There is some traffic from 172.16.0.199 to 65.118.49.32:443 getting through and as far as I know the credit card system still works.
When I look at the raw filter logs it looks like the 443 traffic is getting blocked by the following rule:
@23 block in log quick proto tcp from any to any
This looks like a catch-all rule of some sort. I've read in the FAQ that sometimes m0n0wall will catch duplicate packets based on sequence number and block them. Is that what's happening here? Is there a way to tell? (can I run tcpdump in exec.php for example?)
Thanks!
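Added example (not part of the original post and not m0n0wall code): a small Python script that parses filter-log entries in the layout shown in the post, keeps only the ones sourced from the card-processing segment, and groups them per destination so that a dozen scattered lines become one countable flow. It assumes the 172.16.0.0/16 prefix for LAN2 and a constructed set of sample lines; the rule number (the `@23` shown in the raw log) is not present in this line layout, so the script only prepares the triage, it does not decide what the block means.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample entries in the layout shown in the post (not real log data).
SAMPLE_LOG = """\
x 19:57:27.121571 LAN2 172.16.0.199, port 1863 65.118.49.32, port 443 TCP
x 19:57:41.004210 LAN2 172.16.0.199, port 1864 65.118.49.32, port 443 TCP
x 19:58:03.551002 LAN1 192.168.1.20, port 50122 203.0.113.5, port 80 TCP
x 19:59:10.220001 LAN2 172.16.0.199, port 1865 65.118.49.32, port 443 TCP
x 19:59:12.100000 LAN2 172.16.0.199, port 1865 65.118.49.32, port 443 TCP
"""

# One entry: marker, time, interface, "src, port N", "dst, port M", protocol.
LINE_RE = re.compile(
    r"^(?P<mark>\S+)\s+(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+),\s*port\s+(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+),\s*port\s+(?P<dport>\d+)\s+(?P<proto>\S+)\s*$"
)


def parse_line(line):
    """Return a dict for one log entry, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def summarize(log_text, watched_net="172.16.0.0/16"):
    """Group entries whose source lies inside watched_net (assumed here to be
    the card-processing LAN2) by (src, dst, dport), counting hits and
    collecting the source ports seen."""
    net = ip_network(watched_net)
    flows = defaultdict(lambda: {"hits": 0, "sports": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or ip_address(rec["src"]) not in net:
            continue
        key = (rec["src"], rec["dst"], rec["dport"])
        flows[key]["hits"] += 1
        flows[key]["sports"].add(rec["sport"])
    return dict(flows)


def describe(flows):
    """One human-readable line per grouped flow."""
    lines = []
    for (src, dst, dport), info in sorted(flows.items()):
        # Repeated hits on one source port look like stragglers of a single
        # connection; many distinct source ports look like repeated new
        # connection attempts. The matching rule id from the raw filter log
        # is still needed before drawing a conclusion either way.
        lines.append(f"{src} -> {dst}:{dport}: {info['hits']} blocked, "
                     f"{len(info['sports'])} distinct source port(s)")
    return lines


if __name__ == "__main__":
    for text in describe(summarize(SAMPLE_LOG)):
        print(text)
```

Feed it the text copied from the filter log page; anything outside the watched prefix (the LAN1 line in the sample) is dropped so the output lists only flows from the segment that matters.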