Topic: Traffic denied without reason  (Read 1053 times)
« on: May 21, 2013, 16:29:40 »
dkit89
Posts: 1

We have two m0n0wall devices running back to back.

One is connected to the internet and handles multiple IPSEC tunnels to external destinations which sit within 172.28/16. This works.

On the m0n0wall with the issue, we route 172.28/16 to the IP of the IPSEC tunnel box via OPT5/EM6. This also works for outbound traffic.

Inbound traffic on OPT5/EM6 from 172.28/16 is permitted by a rule yet is dropped.

Traffic logs:
14:27:12.767480 5x em6 @0:38 b 172.28.62.2,41596 -> 172.31.252.5,514 PR udp len 20 246 IN NAT
14:27:11.766404 em6 @0:38 b 172.28.62.2,41596 -> 172.31.252.5,514 PR udp len 20 246 IN NAT

Traffic is blocked by rule 38; however, rule 1 in group 700 should permit it before it is denied by 38.

@37 skip 1 in on em6 from 172.31.5.0/24 to any
@38 block in log quick on em6 all
# Group 700
@1 pass in quick proto udp from any to 172.31.252.5/32 keep state group 700
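The post's argument rests on the order in which IPFilter evaluates rules. As an added example that is not part of the original post and not m0n0wall's own code, the following Python script models the ipf semantics for the small subset of syntax shown above (pass/block/skip, quick, on, proto, from/to, group/head): the last matching rule wins unless it is quick, a matching "skip N" jumps over the next N rules, and rules tagged "group N" are consulted only after a rule tagged "head N" has matched. Run on the rules and the ipmon log line exactly as posted, it reproduces the logged "@0:38 b" verdict. The second ruleset, with a "@36 ... head 700" rule, is a hypothetical assumption added here only to show how a group is reached; the post does not show which head rule, if any, opens group 700.

```python
# Added example: a toy IPFilter rule evaluator for the syntax subset seen in the
# post. Not m0n0wall's code; the "head 700" variant below is an assumption.
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Rule:
    num: int
    action: str                  # pass | block | skip
    skip_count: int = 0          # only meaningful for action == "skip"
    quick: bool = False
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    group: int = 0               # group the rule lives in (0 = top level)
    head: Optional[int] = None   # group consulted when this rule matches


@dataclass
class Packet:
    iface: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


def _net(tok: str) -> ipaddress.IPv4Network:
    return ANY if tok == "any" else ipaddress.ip_network(tok, strict=False)


RULE_RE = re.compile(r"@(\d+)\s+(pass|block|skip)(?:\s+(\d+))?(.*)$")


def parse_rule(line: str, group: int = 0) -> Rule:
    """Parse one rule line as printed by ipfstat; `group` is the '# Group N' context."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("unparsed rule: " + line)
    r = Rule(num=int(m.group(1)), action=m.group(2),
             skip_count=int(m.group(3) or 0), group=group)
    toks = m.group(4).split()
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "quick": r.quick = True
        elif t == "on": i += 1; r.iface = toks[i]
        elif t == "proto": i += 1; r.proto = toks[i]
        elif t == "from": i += 1; r.src = _net(toks[i])
        elif t == "to": i += 1; r.dst = _net(toks[i])
        elif t == "group": i += 1; r.group = int(toks[i])
        elif t == "head": i += 1; r.head = int(toks[i])
        # in / out / log / all / keep state are accepted and ignored by this toy
        i += 1
    return r


def parse_ruleset(text: str) -> List[Rule]:
    rules, group = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("# Group"):
            group = int(line.split()[-1])   # subsequent rules belong to this group
            continue
        rules.append(parse_rule(line, group))
    return rules


LOG_RE = re.compile(r"(?P<iface>\S+) @(?P<grp>\d+):(?P<rule>\d+) (?P<act>[bp]) "
                    r"(?P<src>[\d.]+),\d+ -> (?P<dst>[\d.]+),\d+ PR (?P<proto>\w+)")


def parse_ipmon(line: str) -> Tuple[Packet, Tuple[str, int, int]]:
    """Extract the packet and the logged verdict (action, group, rule) from an ipmon line."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("unparsed log line: " + line)
    pkt = Packet(m["iface"], m["proto"],
                 ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"]))
    return pkt, ("block" if m["act"] == "b" else "pass", int(m["grp"]), int(m["rule"]))


def matches(r: Rule, p: Packet) -> bool:
    if r.iface is not None and r.iface != p.iface:
        return False
    if r.proto is not None and r.proto != p.proto:
        return False
    return p.src in r.src and p.dst in r.dst


def evaluate(rules: List[Rule], pkt: Packet, group: int = 0):
    """Return (action, group, rule_num, quick) of the winning rule, or None if none matched."""
    seq = [r for r in rules if r.group == group]
    last, i = None, 0
    while i < len(seq):
        r = seq[i]
        i += 1
        if not matches(r, pkt):
            continue
        if r.action == "skip":
            i += r.skip_count            # jump over the next N rules in this group
            continue
        hit = (r.action, group, r.num, r.quick)
        if r.head is not None:           # a group is only entered through its head rule
            sub = evaluate(rules, pkt, r.head)
            if sub is not None:
                hit = sub                # a group rule matched; it is now the last match
        last = hit
        if last[3]:                      # quick: stop evaluating
            return last
    return last


# Rules and log line copied from the post (constructed input for this example).
POSTED_RULES = """
@37 skip 1 in on em6 from 172.31.5.0/24 to any
@38 block in log quick on em6 all
# Group 700
@1 pass in quick proto udp from any to 172.31.252.5/32 keep state group 700
"""
POSTED_LOG = ("14:27:12.767480 5x em6 @0:38 b 172.28.62.2,41596 -> 172.31.252.5,514 "
              "PR udp len 20 246 IN NAT")

# Hypothetical variant (assumption, not shown in the post): a head rule for
# group 700 placed before @38, so the group is actually consulted.
WITH_HEAD = "@36 pass in on em6 all head 700\n" + POSTED_RULES


def verdict_for_posted_rules():
    """Simulated verdict for the posted rules, alongside the verdict ipmon logged."""
    pkt, logged = parse_ipmon(POSTED_LOG)
    return evaluate(parse_ruleset(POSTED_RULES), pkt), logged


def verdict_with_head_rule():
    pkt, _ = parse_ipmon(POSTED_LOG)
    return evaluate(parse_ruleset(WITH_HEAD), pkt)


if __name__ == "__main__":
    print(verdict_for_posted_rules())   # simulated block by @0:38, same as the log
    print(verdict_with_head_rule())     # pass by group 700 rule @1 once a head rule opens it
```

On the posted lines alone the simulator stops at the quick "block" in @38 without ever looking at group 700, which is exactly what the "@0:38 b" log entry records; rule @37 does not match because the source is 172.28.62.2, not 172.31.5.0/24. The variant with the assumed head rule shows the only way a "group 700" rule can win: a matching "head 700" rule that is evaluated before @38. Whether the real ruleset has such a rule, and where it sits relative to @38, is what `ipfstat -io` on the affected box would have to show.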

Powered by SMF 1.1.20 | SMF © 2013, Simple Machines