Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 3 subscribers
  • Views 3513 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

opendns

wingman
Hi All

I 've just edit the DNS settings of my ASG to use opendns (set as forwarders and untick "forwarders assigned by ISP"). However , I am now unable to access a specific client by RDP on the DMZ zone.I am able to share files and view the shared drives on that client. 

It's not a IPS/ pf issue as I've checked both of them. I can't see anything on the logs indicating that the traffic is blogged 

Could you please advice?


This thread was automatically locked due to age.
Parents
  • 0
    Are you trying to use RDP to the IP or the hostname?

    Do you have an internal DNS server? If so, you can tell Astaro to use it, on the DNS request routing page.

    Barry
  • 0 in reply to BarryG
    I am using RDP to connect to the IP
    I don't have an internal DNS server. It's strange cause when I was using my ISP's DNS by ticking the "isp forwaders" everything was working fine. Could it be something related to openDNS?
  • 0 in reply to wingman
    Just to confirm, when you run Desktop Connection, into the box for the 'Computer', you are putting a numeric IP address, not a name or FQDN?
  • 0 in reply to BAlfson
    yes. The connection is to 172.16.1.2. I press connect and instantaneously it drops (no error).
  • 0 in reply to wingman
    Barry, this sounds impossible to me.  What could this be?
  • 0 in reply to BAlfson
    I just tried it today and indeed is not DNS is not related. I 've logged the relevant rule (allowing traffic from zone to DMZ ) and the following traffic is allowed: 

    20:00:10	Packetfilter rule #13	TCP	

    192.168.2.31	:	10861


    172.16.1.2	:	3389

    [SYN]	len=48	ttl=127	tos=0x00	srcmac=00:1f[:D]0:0a:9a:89


    however, RDP still doesn't connect.I can't see any drops on the log. Interesting enough, IPS detects that as follows: 

    2009:06:07-20:00:09 Astaro barnyard[6591]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="MISC MS Terminal server request" group="450" srcip="192.168.2.31" dstip="172.16.1.2" proto="6" srcport="10861" dstport="3389" sid="1448" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"

    2009:06:07-20:08:18 Astaro barnyard[6591]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="MISC MS Terminal server request" group="450" srcip="192.168.2.31" dstip="172.16.1.2" proto="6" srcport="11227" dstport="3389" sid="1448" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"

    2009:06:07-20:08:20 Astaro barnyard[6591]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="MISC MS Terminal server request" group="450" srcip="192.168.2.31" dstip="172.16.1.2" proto="6" srcport="11228" dstport="3389" sid="1448" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"

    2009:06:07-20:09:20 Astaro barnyard[6591]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="MISC MS Terminal server request" group="450" srcip="192.168.2.31" dstip="172.16.1.2" proto="6" srcport="11248" dstport="3389" sid="1448" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"


    I've tried disabling the rule/ disabling IPS but same issue exists
Reply
  • 0 in reply to BAlfson
    I just tried it today and indeed is not DNS is not related. I 've logged the relevant rule (allowing traffic from zone to DMZ ) and the following traffic is allowed: 

    20:00:10	Packetfilter rule #13	TCP	

    192.168.2.31	:	10861


    172.16.1.2	:	3389

    [SYN]	len=48	ttl=127	tos=0x00	srcmac=00:1f[:D]0:0a:9a:89


    however, RDP still doesn't connect.I can't see any drops on the log. Interesting enough, IPS detects that as follows: 

    2009:06:07-20:00:09 Astaro barnyard[6591]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="MISC MS Terminal server request" group="450" srcip="192.168.2.31" dstip="172.16.1.2" proto="6" srcport="10861" dstport="3389" sid="1448" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"

    2009:06:07-20:08:18 Astaro barnyard[6591]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="MISC MS Terminal server request" group="450" srcip="192.168.2.31" dstip="172.16.1.2" proto="6" srcport="11227" dstport="3389" sid="1448" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"

    2009:06:07-20:08:20 Astaro barnyard[6591]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="MISC MS Terminal server request" group="450" srcip="192.168.2.31" dstip="172.16.1.2" proto="6" srcport="11228" dstport="3389" sid="1448" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"

    2009:06:07-20:09:20 Astaro barnyard[6591]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="MISC MS Terminal server request" group="450" srcip="192.168.2.31" dstip="172.16.1.2" proto="6" srcport="11248" dstport="3389" sid="1448" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"


    I've tried disabling the rule/ disabling IPS but same issue exists
Children