
Setup - possible traffic conflict

Hello,

I hope one of you might be able to help me. I cannot figure out what is wrong here and I have tried just about everything I can think of to fix this issue for about a year or so now.

This is a home unit I use to learn on: XG125w (SFOS 17.0.6 MR-6)

I do have the XG125w in gateway mode which might be the issue. I did this so ISP would only see 1 device. I’d like to keep it this way, if possible.


One network device works fine. No issues. Can browse web, download,….

As soon as another device is connected, the network is unresponsive. It will respond after a bit, but everything is very broken and slow.

I also have a RED that I use a lot and it will work great until someone else at home connects.


I am pretty sure that the path between cable supplied modem/gateway and Sophos is getting confused.

I am unable to turn off NAT or bridge on cable supplied gateway but I can use DMZ.

I currently have 10.132.50.54 in DMZ on cable supplied modem/gateway but it does not seem to help.


Cable supplied modem/gateway:

Public WAN IP:   x.x.x.x

LAN: 192.168.1.50

Netmask: 255.255.255.0

LAN DHCP 192.168.1.51-100


Sophos:

Gateway: 192.168.1.50

WAN interface port#2: 192.168.1.54

LAN Port #4: 10.132.50.50 (DHCP .51-.100)

Netmask: 255.255.255.0


Sample from one of my devices:

DHCP assigned

Device IP: 10.132.50.60

Netmask: 255.255.255.0

Gateway: 10.132.50.50


Here is the start of a trace route:

Tracing route to google-public-dns-a.google.com [8.8.8.8]

  1    <1 ms    <1 ms    <1 ms  10.132.50.50

  2     1 ms    <1 ms    <1 ms  192.168.1.50

  3    20 ms    10 ms    10 ms     ISP based IP (not my x.x.x.x public WAN IP)


In the log viewer, I do see "Could not associate packet to any connection." quite a lot.

Hopefully this is enough info…

Thank you,

J



  • Thank you for responding. I have attached two pictures of my rules. I removed the host names in the 2nd photo; it is just the names of two NAS devices. I also switched the gateway IP to match the IPs I originally posted.

    While troubleshooting, I have removed a lot of rules, set services to any, and removed any other thing that seems like it might cause an issue.

    Hope this helps.

  • Hi,

    A couple of things to make your life a little easier:

    You don't need rules 11 and 12; the XG has rule 0 (hidden) to do the same thing.

    I would also remove your country block until Sophos reports that it has been fixed. I found it blocking my country's key sites.

    I will read in more detail shortly.

    Ian

    Rules 14v and 2 duplicate access.

    WiFi and LAN are usually in the same zone (LAN), so you don't need to specify both.

    You said you only had one external link, so you can remove the backup connection.

    There is no need to use the DMZ on the modem, the normal interface will be okay. DMZs usually do not have rules associated with them. Double NAT can cause issues if you are planning on providing access to your NAS from the internet.

    I do not understand why you have a LAN to LAN rule?

  • Thank you.

    I removed or disabled the ones mentioned and also removed the backup connection (I did question that one...).

    I will switch off DMZ and test it out. I did notice that I do have UPnP disabled on the modem.

    LAN to LAN I need to check into. Traffic shows NAS to NAS and then PC to printers and such. My home network is not normal... XG ports 4-8 are now in a bridge configuration. Each of those goes out to routers in bridge mode.

    Most all WiFi devices route through a different all-in-one "dumb" firewall. This was just recently added, however, and is not the cause. It is plugged into the same modem on another available port. No issue on this network... many devices can connect at the same time...

    Another thing I noticed... not sure if it will help or not, but I see it repeated in the firewall log throughout the day.

    Firewallmessageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="Port2" out_interface="" src_mac="MAC of MODEM" src_ip="192.168.1.50" src_country="" dst_ip="224.0.0.1" dst_country="" protocol="2" src_port="0" dst_port="0" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature"


    Here are the network zones:
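The denied entry quoted above is a space-separated key="value" line in the SFOS firewall log format, with dst_ip 224.0.0.1 and protocol 2 (IGMP). The following is an added example, not code from the thread or from Sophos, that parses lines in that format and sorts WAN-side denies into IGMP multicast queries (log noise from the modem) versus unicast traffic aimed at the appliance, which is the kind worth a closer look. The first sample line is the thread's own entry trimmed to the relevant fields; the second is constructed purely to show the classifier telling the two cases apart, and the protocol-number table is an assumption covering only the common values.

```python
import ipaddress
import re
from collections import Counter

# SFOS firewall log lines are space-separated key="value" pairs.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Assumed IANA protocol numbers for the values that commonly appear in "protocol".
PROTO_NAMES = {"1": "ICMP", "2": "IGMP", "6": "TCP", "17": "UDP"}

# Sample input. The first line is the denied entry from the thread, trimmed to
# the relevant fields. The second is constructed only to exercise the unicast
# branch; it is not from the thread.
SAMPLE_LINES = [
    'messageid="02002" log_type="Firewall" log_component="Appliance Access" '
    'log_subtype="Denied" status="Deny" fw_rule_id="0" in_interface="Port2" '
    'out_interface="" src_mac="MAC of MODEM" src_ip="192.168.1.50" '
    'dst_ip="224.0.0.1" protocol="2" src_port="0" dst_port="0"',
    # constructed: a denied TCP packet from the modem to the XG's WAN address
    'messageid="02002" log_type="Firewall" log_component="Appliance Access" '
    'log_subtype="Denied" status="Deny" fw_rule_id="0" in_interface="Port2" '
    'out_interface="" src_mac="MAC of MODEM" src_ip="192.168.1.50" '
    'dst_ip="192.168.1.54" protocol="6" src_port="40000" dst_port="443"',
]


def parse_sfos_log(line: str) -> dict:
    """Turn one key="value" log line into a dict, keys kept exactly as written."""
    return dict(KV_RE.findall(line))


def classify(rec: dict) -> str:
    """Label a record by the kind of traffic it describes.

    'igmp-multicast-query'  IGMP to a multicast group (224.0.0.0/4); 224.0.0.1 is
                            the all-hosts group, so this is the modem's periodic
                            IGMP membership query: harmless to drop, pure noise.
    'multicast'             other traffic to a multicast address.
    'unicast-to-appliance'  a deny aimed at a unicast address on the WAN side;
                            the entry a defender actually wants to review.
    'allowed'               not a deny at all.
    """
    if rec.get("status") != "Deny":
        return "allowed"
    dst = ipaddress.ip_address(rec["dst_ip"])
    proto = PROTO_NAMES.get(rec.get("protocol", ""), rec.get("protocol", "?"))
    if dst.is_multicast:
        return "igmp-multicast-query" if proto == "IGMP" else "multicast"
    return "unicast-to-appliance"


def summarize(lines) -> Counter:
    """Count (label, in_interface) pairs over a batch of log lines."""
    counts = Counter()
    for line in lines:
        rec = parse_sfos_log(line)
        counts[(classify(rec), rec.get("in_interface", ""))] += 1
    return counts


if __name__ == "__main__":
    for (label, iface), n in sorted(summarize(SAMPLE_LINES).items()):
        print(f"{label:<24} on {iface:<6} x{n}")
```

Feeding a day's worth of exported log lines through summarize() separates the repeating 224.0.0.1 entries from anything else the modem (or whatever sits on Port2) sends at the appliance, so the noise can be filtered without hiding the entries that matter.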

  • Hi,

    The capture you showed is a broadcast from the modem.

    As far as I am concerned, UPnP is a security risk and I do not let it anywhere near the internet. I disable it on most devices where I can.

    For your various LAN to LAN communications you will need to specify the source LAN; otherwise you will have trouble identifying where your traffic is going or not going, as in your current case.

    You seem to have a very strange network, not sure why, maybe you like network pain or just exploring options?

    Ian

  • It's kind of a forced learning method I use for some unknown reason...

    Running out of time tonight; I will check into figuring out what you suggested in the morning.

    Thanks again for your help!

  • I have been going over everything, hoping the issue is caused by something I checked or unchecked, and was wondering if I need anything checked in the local service ACL under WAN?

    I never took a screen shot of default.

    The only inbound connection is from a RED. No servers or anything else like that. The network itself is complicated, but device-wise it is quite simple: 2 PCs and a bunch of random printers.

    I found that if I tick dynamic routing under WAN, the blocked traffic from the modem I mentioned last night disappears from the log viewer.