News: This forum is now permanently frozen.
Pages: [1]
Topic: Problems with firewall rules between subnets (source high ports)  (Read 1171 times)
« on: February 14, 2014, 21:42:34 »
dkjesper *
Posts: 2

I have a really wierd problem, and I cannot seem to debug it.
The setup is virtual, and is the following:
WAN - DHCP public ip
LAN - vlan101, gateway (server network)
OPT3 - vlan106, gateway (klient wifi network)
OPT2 - vlan107, gateway (guest, capture portal network)

The monowall is a drop-in replacement for another firewall, and no network has been changed. So the problem is my faulty m0n0wall configuration .. somewhere.

I have left everything default. NAT, default no advanced stuff. Firewall has ANY/ANY rules between LAN and OPT3 .. OPT2 only has internet access.

The problem is as follow .. when I try to access a server on LAN from OPT3, I will get denied on rules. This only happens when the source port is +50000. Or at least, this is my observation.
Example log entry: 21:28:15.884485    OPT3 - wifi internal, port 51297, port 32400    TCP

Notice I have ANY/ANY rules on both LAN and OPT3, so this shouldnt happen?

Any advice?
« Reply #1 on: February 15, 2014, 07:05:04 »
Lee Sharp *****
Posts: 517

How are you getting to the server, domain name or IP address?  And is it resolving to an internal or external IP?  We do not do port reflection, so if you are trying an external IP that is nated to an internal IP it will not work...
« Reply #2 on: February 15, 2014, 13:30:27 »
dkjesper *
Posts: 2

No, I have an internal DNS which resolves internal ip addresses. But for troubleshooting I have been using only ip addresses when testing, to rule out exactly this problem.
So the log is true, I am trying from, and trying to reach on port 32400 .. this is just a telnet test on that port(yes, I have a service listning, but its never reach)
Pages: [1]
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines