
ASG Blocking ALL Traffic Now!

Running the latest ASG and all of a sudden I was unable to get through the gateway, DNS would not resolve etc. I have removed/disabled all interfaces now except two: eth3 (static WAN interface) and eth0 (static LAN interface). I also disabled the IPS since there were suddenly steady snort errors/failures in the logs. Maybe something got automatically updated in the last day?

I then disabled ALL Packet Filter rules and created a single new one, ANY source, ANY server, ANY Destination, just for testing. Still EVERYTHING is getting blocked. Below are some of the steady packet filter logs/drops.

I have had to reconnect my Netgear Firewall just to get back on the internet. 

Can anyone suggest where to start looking for the source of the problem and how/where do I find fwrule="60002"? I can't see these numbers anywhere in the GUI.




May  7 00:07:26 gateway 2010:05:07-00:07:26 ulogd[3302]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth3" outitf="eth0" dstmac="00:c0:9f:46:f1:bd" srcmac="00:14:c2:54:95:88" srcip="192.168.1.200" dstip="24.82.0.209" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="7080" dstport="34908" tcpflags="ACK SYN"  
May  7 00:07:28 gateway 2010:05:07-00:07:28 named[3557]: FORMERR resolving '204-244-79-180.squamish.ca/PTR/IN': 24.82.0.209#53 
May  7 00:07:29 gateway 2010:05:07-00:07:29 named[3557]: FORMERR resolving 'ntp.ubc.ca/AAAA/IN': 24.82.0.209#53 
May  7 00:07:29 gateway 2010:05:07-00:07:29 ulogd[3302]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth3" outitf="eth0" dstmac="00:c0:9f:46:f1:bd" srcmac="00:07:e9:39:27:08" srcip="192.168.1.3" dstip="192.168.10.2" proto="17" length="71" tos="0x00" prec="0x00" ttl="63" srcport="33460" dstport="53"  
May  7 00:07:29 gateway 2010:05:07-00:07:29 ulogd[3302]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth3" outitf="eth0" dstmac="00:c0:9f:46:f1:bd" srcmac="00:14:c2:54:95:88" srcip="192.168.1.200" dstip="192.168.10.2" proto="17" length="71" tos="0x00" prec="0x00" ttl="63" srcport="47313" dstport="53"  
May  7 00:07:29 gateway 2010:05:07-00:07:29 named[3557]: FORMERR resolving '5.181.73.222.in-addr.arpa/PTR/IN': 24.82.0.209#53 
May  7 00:07:29 gateway 2010:05:07-00:07:29 ulogd[3302]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth3" outitf="eth0" dstmac="00:c0:9f:46:f1:bd" srcmac="00:14:c2:54:95:88" srcip="192.168.1.200" dstip="66.45.246.138" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="38707" dstport="80" tcpflags="SYN"  
May  7 00:07:29 gateway 2010:05:07-00:07:29 ulogd[3302]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth3" outitf="eth0" dstmac="00:c0:9f:46:f1:bd" srcmac="00:14:c2:54:95:88" srcip="192.168.1.200" dstip="24.82.0.209" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="7080" dstport="48511" tcpflags="ACK SYN"  
May  7 00:07:30 gateway 2010:05:07-00:07:30 ulogd[3302]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth3" outitf="eth0" dstmac="00:c0:9f:46:f1:bd" srcmac="00:14:c2:54:95:88" srcip="192.168.1.200" dstip="192.168.10.2" proto="17" length="73" tos="0x00" prec="0x00" ttl="63" srcport="40996" dstport="53"  
May  7 00:07:31 gateway 2010:05:07-00:07:31 ulogd[3302]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth3" outitf="eth0" dstmac="00:c0:9f:46:f1:bd" srcmac="00:14:c2:54:95:88" srcip="192.168.1.200" dstip="24.82.0.209" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="7080" dstport="48511


  • Confirmed, disabled IPS, problem solved.
    7.504

    -----------
    2010:05:07-09:18:40 fw snort[12216]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246 
    2010:05:07-09:18:40 fw snort[12216]: XLICENSE:246 X-LINK2STATE:246 XSTA:246 XTRN:246 XUSR:246 
    2010:05:07-09:18:40 fw snort[12216]: PIPELINING:246 CHUNKING:246 DSN:246 XQUEU:246 
    2010:05:07-09:18:40 fw snort[12216]: Max Header Line Length: 1000 
    2010:05:07-09:18:40 fw snort[12216]: Max Response Line Length: 512 
    2010:05:07-09:18:40 fw snort[12216]: X-Link2State Alert: Yes 
    2010:05:07-09:18:40 fw snort[12216]: Drop on X-Link2State Alert: No 
    2010:05:07-09:18:40 fw snort[12216]: Alert on commands: None 
    2010:05:07-09:18:41 fw snort[12216]: FATAL ERROR: Warning: /etc/snort/rules/astaro.rules(3140) => Unknown keyword ' detection_filter' in rule!
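A triage sketch for logs like the ones quoted in this thread, added here as an example and not part of the original posts: it counts packet filter drops per fwrule and interface pair, tallies the dropped protocol/port pairs, and surfaces snort FATAL ERROR lines from the same log. The sample lines are constructed (abridged from the format shown above, including one truncated line), and the function names are hypothetical.

```python
import re
from collections import Counter

# key="value" pairs as written by the packet filter logger (ulogd lines above).
KV = re.compile(r'(\w+)="([^"]*)"')
# IPS engine start-up failure, as in the snort line quoted in the reply.
SNORT_FATAL = re.compile(r'snort\[\d+\]: FATAL ERROR: (.*)')

# Constructed sample: abridged lines in the thread's format; the fourth line is
# cut off mid-field on purpose, like the last drop line in the original post.
SAMPLE = '''\
2010:05:07-00:07:29 gateway ulogd[3302]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth3" outitf="eth0" srcip="192.168.1.200" dstip="192.168.10.2" proto="17" dstport="53"
2010:05:07-00:07:29 gateway named[3557]: FORMERR resolving 'ntp.ubc.ca/AAAA/IN': 24.82.0.209#53
2010:05:07-00:07:29 gateway ulogd[3302]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth3" outitf="eth0" srcip="192.168.1.200" dstip="66.45.246.138" proto="6" dstport="80" tcpflags="SYN"
2010:05:07-00:07:31 gateway ulogd[3302]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth3" outitf="eth0" srcip="192.168.1.200" dstip="24.82.0.209" proto="6" dstport="48511
2010:05:07-09:18:41 fw snort[12216]: FATAL ERROR: Warning: /etc/snort/rules/astaro.rules(3140) => Unknown keyword ' detection_filter' in rule!
'''.splitlines()

def parse_drop(line):
    """Return the fields of a packet filter drop line, or None for other lines."""
    if 'sub="packetfilter"' not in line:
        return None
    fields = dict(KV.findall(line))  # an unterminated field is simply skipped
    return fields if fields.get("action") == "drop" else None

def triage(lines):
    """Summarise drops by rule/interfaces and by proto/port; collect IPS fatals."""
    drops, ports, fatals = Counter(), Counter(), []
    for line in lines:
        fields = parse_drop(line)
        if fields:
            drops[(fields.get("fwrule"), fields.get("initf"), fields.get("outitf"))] += 1
            ports[(fields.get("proto"), fields.get("dstport"))] += 1
            continue
        match = SNORT_FATAL.search(line)
        if match:
            fatals.append(match.group(1).strip())
    return drops, ports, fatals

if __name__ == "__main__":
    drops, ports, fatals = triage(SAMPLE)
    for (rule, initf, outitf), count in drops.most_common():
        print(f"fwrule={rule} {initf}->{outitf}: {count} drops")
    for (proto, port), count in ports.most_common():
        print(f"  proto={proto} dstport={port}: {count}")
    for message in fatals:
        print("IPS engine failed to start:", message)
```

A single fwrule value accounting for every drop, together with a snort FATAL ERROR in the same log, is the pattern the reply above reports.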