Firewall Traffic/Rules

I am now having an issue with my firewall rules. Traffic does not seem to be passing through them. I also don't see any sessions. I have it set up in gateway mode, with port 2 directly connected to my Netgear router. I see the gateway is up and I can ping out. A little help, please.

  • Hi Michael,

    Check #1.1 in my troubleshooting guide and take a packet capture on the source IP address. You can see which FW rule ID forwards the traffic. If you are able to ping but the traffic is not accounted on the FW rule, then you have a different issue.

    Thanks

  • Since it appears my problem is asymmetric routing, I added the bypass rule. It's unusual because I also did a show packet dump and the system shows traffic out from 172.16.16.23 to 172.16.16.9 (MacBook LAN) on 550805 with ACK. The reason I say it is strange is because I set DHCP as 172.16.16.50-150 and I am seeing 6 DHCP addresses, but still no traffic through the firewall, yet I can do a traceroute and it shows me that traffic is going out my 192.168.1.1 gateway.

  • OK, I have the same result. I have switched to bridge mode.

    LAN Port 1: 192.168.1.200, standard Ethernet cable

    WAN Port 2: 192.168.1.1 gateway, crossover cable

    When I have both cables in, I can ping only the gateway; I have no Internet and cannot reach the LAN.

    When I have the WAN cable in, I can ping the gateway and the Internet, but not the LAN.

    When I have the LAN cable in, I can ping all three, but there is no traffic through the firewall.

    Also note, this is the traffic that passed prior to me pulling the LAN cable.

    There is nothing in the firewall log; I didn't turn it on. Going to turn it on, let the WAN run for a while to build the log, then plug the LAN back in.

  • Those IPs: is 192.168.1.200 the bridged pair IP, and then 192.168.1.1 is its DG??

    If you set up the bridge using the wizard, the 2 NICs on the XG will be bridged, so it will have 1 IP for the bridge. Also, with it set up this way, what happens when you connect a device to the LAN port of the XG directly?

    JK

  • The default firewall; now try turning off the IP rewriting.

    JK

  • OK, so I followed the wizard, and so how do I resolve this? I did the wizard, followed the cabling, etc.

  • So if you connect a device into the LAN port of the XG and use DHCP on the device, what address does it get??

    Also, what does tracert give you from that too??

    Can you still access the WebUI of the Netgear through Sophos??

    Also, is your XG device a SW install, VM or HW??

    Also, have you changed any other settings yet? Like device access, ips, etc.? I'd be inclined to do a reinstall or factory reset it.

    From what you're saying it sounds right, so it should be working.

    JK

  • Sorry, I just looked at your diagram; that's not going to work, you have made a loop.

    You really don't want to come out of the Netgear and then back into it, as it will see it as a loop and screw up the routes.

    Your modem, is it cable or VDSL?

    Can you not go from that to the XG WAN in gateway mode, then out the XG LAN to the Netgear LAN, and turn off its DHCP and firewall and just use it for WiFi?

    That's how I use my XG.

    JK

  • I have a cable modem, so you're saying:

    Connect the crossover cable to the cable modem on the WAN port? Switch my router from router mode to bridge mode, and connect the LAN cable (XG) to the LAN cable on the router with a regular Cat5?

  • No, you don't even have to touch the modem, leave it as is. Then use a straight cable from that to the XG WAN port, then use a straight cable from the XG LAN port to the Netgear LAN port, and also turn off the Netgear's DHCP server and change the Netgear's LAN IP so it's not 192.168.1.1.

    Also put the XG into Router/Gateway mode, then try.

    Oh, and set up the WAN port on the XG to DHCP, and the LAN on the XG to 192.168.1.1. Then all your devices will use the 192.168.1.0/24 network and a DG of 192.168.1.1.

    That's basically how I have my cable modem and XG. I don't use crossover cables.

    JK

  • MAN!!! YOU DA... Thanks for sticking with me, man, that was the fix!! So I see the traffic, I am on the LAN and the WAN!! Thanks so much!!

  • So you set it up exactly how I said?? You will want to make sure to turn off DHCP on the Netgear and create DHCP on the XG; for that you want to set a range in 192.168.1.1/24 and a DG of 192.168.1.1 & DNS of 192.168.1.1.

    Do that and you will have a network, and your WiFi devices will get IPs from the XG.

    Glad I could help.

    JK
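The cabling and addressing advice in the thread boils down to three checks: no cable loop back into the Netgear, only one DHCP server on the 192.168.1.0/24 segment, and only one box holding 192.168.1.1. The small topology linter below is an added example (not from the thread or from Sophos) that encodes those checks over a hand-written description of the devices; the device names, port names and both sample layouts are constructed to mirror the discussion.

```python
from ipaddress import ip_interface

def find_loops(links):
    """links: (devA, portA, devB, portB); a 2nd path between devices already joined is a loop."""
    parent, loops = {}, []
    def root(x):
        while parent.setdefault(x, x) != x:
            x = parent[x]
        return x
    for a, pa, b, pb in links:
        ra, rb = root(a), root(b)
        if ra == rb:  # e.g. Netgear LAN cabled into both XG ports
            loops.append(f"{a}:{pa} <-> {b}:{pb}")
        parent[ra] = rb
    return loops

def find_ip_clashes(devices):
    """devices: {name: {port: cidr | 'dhcp' | None}}; one address configured on two boxes."""
    seen, clashes = {}, []
    for dev, ports in devices.items():
        for port, cidr in ports.items():
            if cidr in (None, "dhcp"):
                continue
            addr = ip_interface(cidr).ip
            if addr in seen:
                clashes.append(f"{addr}: {seen[addr]} and {dev}:{port}")
            seen.setdefault(addr, f"{dev}:{port}")
    return clashes

def find_dhcp_conflicts(devices, dhcp):
    """dhcp: {device: port it serves leases on}; two servers on one subnet compete."""
    by_net = {}
    for dev, port in dhcp.items():
        net = ip_interface(devices[dev][port]).network
        by_net.setdefault(net, []).append(dev)
    return [f"{n}: {', '.join(d)}" for n, d in by_net.items() if len(d) > 1]

# Constructed sample: the recommended layout (modem -> XG WAN, XG LAN -> Netgear LAN,
# Netgear DHCP off and its LAN address moved off 192.168.1.1). Expect no findings.
GOOD = dict(devices={"modem": {"lan": None}, "xg": {"wan": "dhcp", "lan": "192.168.1.1/24"},
                     "netgear": {"lan": "192.168.1.2/24"}},
            links=[("modem", "lan", "xg", "wan"), ("xg", "lan", "netgear", "lan")],
            dhcp={"xg": "lan"})
# Constructed sample: skip those steps and cable the Netgear into both XG ports.
BAD = dict(devices={"modem": {"lan": None}, "netgear": {"wan": "dhcp", "lan": "192.168.1.1/24"},
                    "xg": {"wan": "dhcp", "lan": "192.168.1.1/24"}},
           links=[("modem", "lan", "netgear", "wan"), ("netgear", "lan", "xg", "wan"),
                  ("xg", "lan", "netgear", "lan")],
           dhcp={"netgear": "lan", "xg": "lan"})
```

Running the three checks over `BAD` reports the loop, the duplicate 192.168.1.1 and the competing DHCP servers, while `GOOD` comes back clean.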
