[7.185] Outbound RDP traffic is blocked by AFC [CONFIRMED]

Hello all,

just tested remote access to a local computer through RDP over the internet (yes, I know this is not really secure - it was only a test). After making the corresponding changes to the network security settings, I only got error messages stating a time limit was hit during connection.

AFC blocked the outgoing packets for no reason:
2008:04:13-21:59:50 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="4474" tcpflags="ACKPSH "
2008:04:13-22:00:29 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="4475" tcpflags="ACKPSH "
2008:04:13-22:13:06 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="4665" tcpflags="ACKPSH "
2008:04:13-22:13:26 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="4666" tcpflags="ACKPSH "
2008:04:13-22:13:42 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="4667" tcpflags="ACKPSH "
2008:04:13-22:23:11 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="4727" tcpflags="ACKPSH "
2008:04:13-22:26:16 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="4738" tcpflags="ACKPSH "
2008:04:13-22:42:12 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1486" tcpflags="ACKPSH "
2008:04:13-22:42:29 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1487" tcpflags="ACKPSH "
2008:04:13-22:43:08 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1488" tcpflags="ACKPSH "
2008:04:13-22:46:20 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1515" tcpflags="ACKPSH "
2008:04:13-22:46:49 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1516" tcpflags="ACKPSH "
2008:04:13-22:52:42 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1561" tcpflags="ACKPSH "
2008:04:13-22:53:03 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1562" tcpflags="ACKPSH "
2008:04:13-22:53:22 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1563" tcpflags="ACKPSH "
2008:04:13-22:56:34 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1576" tcpflags="ACKPSH "
2008:04:13-23:01:34 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1689" tcpflags="ACKPSH "
2008:04:13-23:04:47 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1711" tcpflags="ACKPSH "
2008:04:13-23:05:56 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1712" tcpflags="ACKPSH "
2008:04:13-23:09:39 (none) ulogd[2536]: id="2017" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Alert" action="log" fwrule="60102" outitf="eth0" srcip="205.188.13.12" dstip="192.168.0.5" proto="6" length="58" tos="0x00" prec="0x00" ttl="104" srcport="5190" dstport="59817" tcpflags="ACKPSH "
2008:04:13-23:10:51 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="1775" tcpflags="ACKPSH "


As you can see, only the outbound traffic was blocked. The inbound RDP packets passed the packet filter (I activated logging for the corresponding rule). After adding the internal computer to the control skip-list, everything worked.

If any additional information, logfiles, configuration details or else is needed, I will see if I can help.

Kind regards,
Bastian
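For anyone triaging a similar AFC false positive, here is a small parser for the ulogd `key="value"` format shown above. It is an added example, not code from the post or from Astaro; the sample lines are copied from the post, and the function and field names are my own. It pulls out the "AFC Block" drops whose source port is the service port (3389) and counts them per rule, source host and interface, so a single misclassified flow stands out from unrelated entries such as the "AFC Alert" line that was only logged. The dropped packets carry ACK+PSH and a source port of 3389, i.e. they are the server's replies inside an already established session, which is why the client saw a timeout rather than a refused connection.

```python
import re
from collections import Counter

# Constructed sample: three lines copied from the forum post (two AFC drops of
# RDP server-to-client traffic, one unrelated AFC alert that was only logged).
SAMPLE_LOG = """\
2008:04:13-21:59:50 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="4474" tcpflags="ACKPSH "
2008:04:13-22:00:29 (none) ulogd[2536]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="77.56.59.208" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="4475" tcpflags="ACKPSH "
2008:04:13-23:09:39 (none) ulogd[2536]: id="2017" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Alert" action="log" fwrule="60102" outitf="eth0" srcip="205.188.13.12" dstip="192.168.0.5" proto="6" length="58" tos="0x00" prec="0x00" ttl="104" srcport="5190" dstport="59817" tcpflags="ACKPSH "
"""

# "<timestamp> (none) ulogd[<pid>]: <key="value" ...>"
HEADER_RE = re.compile(r'^(?P<ts>\S+) \S+ (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Parse one ulogd line into a dict; returns None for lines in another format."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "proc": m.group("proc"), "pid": int(m.group("pid"))}
    # Values keep their quoted content; strip the trailing blank in tcpflags="ACKPSH ".
    rec.update({k: v.strip() for k, v in KV_RE.findall(m.group("rest"))})
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def afc_drops(records, service_port="3389"):
    """AFC drops whose *source* port is the service port: the server's replies are
    being dropped although the client's inbound requests were accepted."""
    return [r for r in records
            if r.get("name") == "AFC Block" and r.get("action") == "drop"
            and r.get("srcport") == service_port]


def summarize(records):
    """Count dropped packets per (fwrule, srcip, srcport, outitf)."""
    counts = Counter()
    for r in records:
        if r.get("action") == "drop":
            counts[(r.get("fwrule"), r.get("srcip"), r.get("srcport"), r.get("outitf"))] += 1
    return counts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, n in summarize(recs).most_common():
        fwrule, srcip, srcport, outitf = key
        print(f"fwrule={fwrule} srcip={srcip} srcport={srcport} out={outitf}: {n} drops")
    for r in afc_drops(recs):
        print(f"{r['ts']} reply {r['srcip']}:{r['srcport']} -> {r['dstip']}:{r['dstport']} "
              f"flags={r['tcpflags']} dropped by AFC")
```

Run it against the packet filter log of the affected box; if the only drops aggregate under one fwrule with the internal host as source and 3389 as source port while the inbound rule shows accepts, you are looking at this classification problem rather than a packet filter misconfiguration, and the skip-list workaround from the post applies.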
  • AFC classifies RDP sessions as Winny file transfer. It is a bug.
  • This has not been fixed in 7.190, has it?

    2008:04:17-10:41:02 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="83.77.125.129" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="12265" tcpflags="ACKPSH "
    2008:04:17-10:41:35 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="83.77.125.129" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="12287" tcpflags="ACKPSH "
    2008:04:17-10:42:17 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="ppp0" srcip="192.168.0.100" dstip="83.77.125.129" proto="6" length="51" tos="0x00" prec="0x00" ttl="127" srcport="3389" dstport="12363" tcpflags="ACKPSH "


    Edit: just saw you have updated the known issues list under http://astaro.org/showthread.php?t=21527 :-)