Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 21 replies
  • Subscribers 2 subscribers
  • Views 11354 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No Internet connectivity (DNS?)

Schoggiweggli
Hello,

I trying to setup my UTM for days now. It is my first Sophos UTM but i had many other over the past years (IPCop, Smoothwall, Endian, pfSense, Untangle...) but i never had such trouble getting it to work.

I setup everything the same way i did on other UTM solutions, all the settings are correct and other UTMs are working with these settings except Sophos.

My setup looks like this:

Interface: WAN
IPv4 Address: 192.168.1.250
Netmask: 255.255.255.0
GW IP: 192.168.1.100 (Router)


Interface: LAN
IPv4 Address: 192.168.0.250
Netmask: 255.255.255.0
DHCP Range from 30-70

On Global DNS Tab i set Internal Networks allowed, On DNS Forwarder i set the Google DNS Servers. I created a Firewall Rule from Internal to ANY.

I use the UTM Internal IP as DNS (192.168.0.250) for Clients, if i change the DNS Server to Google or ISP (on a Client machine, i get internet access (sometimes...).


After a fresh install the internet connection will work for some time, but after another restart or so it suddenly stops. I can't ping to any hostname out there such as google.com. I can pint the Router and other local devices, even from an internal Machine.

I created backups, did several factory resets and even reinstalled the UTM from an .iso. Nothing worked i can't get it online. I guess it has something to do with DNS but i can't find the error. 

On Untangle i can set the DNS Servers during WAN creating, here i can only define the Gateway but i assume that the DNS Forwarder Tab is for this, right ? 


So in short:

-Router connects to internet
- Sophos UTM connects to Router via Static WAN set to Router IP as Default GW.
-Global DNS set for Internal Networks
-DNS Forwarders are Google or the ISP (doesn't matter) Use ISP DNS unchecked (don't show up anyway).
-Can't ping oder resolve any DNS from within WebAdmin Interface Tools to Internet Server
-Using Google DNS Server on Clients and Internet will work.
-Will not work on clients with UTM Internal IP as DNS

-Factory reset don't help
-Resore fom backup don't help
-Reinstall UTM OS don't work
-Works some time after fresh install ?!?

-Other UTMs i still have still work flawlessly with the same settings and connected Hardware.

I struggle with this since 4 days, i just can't get it to work properly. I think it has something to do with DNS but i cant really find anything specific. Read all the threads here and elsewhere on the internet related to Sophos UTM and DNS but nothing worked.

Any suggestions ? which DNS setting have i missed ? i basically just want that the WAN interface uses the ISPs or Google's DNS Server for resolution, should be a simple thing as it was on other UTMs like Untangle etc.

-Alex


This thread was automatically locked due to age.
  • 0
    Do you have a masquerading rule setup?
  • 0 in reply to dknyinva
    Do you have a masquerading rule setup?


    Yes, fom Internal to External, tried Any -> External also.
  • 0
    Check that your Host/Network definitions don't violate #3 in Rulz.  If that wasn't your issue, does #1 give any hints?

    Cheers - Bob
  • 0 in reply to BAlfson
    Check that your Host/Network definitions don't violate #3 in Rulz.  If that wasn't your issue, does #1 give any hints?

    Cheers - Bob


    #3 looks good. Every definition is ANY (from Hots like Google DNS Server.)

    #1 I disabled everything except Firewall which can't be disabled. The Firewall log give me this:

    Firewall Live Log after Notebook has bootet up (192.168.0.3): 

    21:51:00	Default DROP	TCP	 	

    201.209.37.128	:	2800


    192.168.1.250	:	445

     	

    [SYN]	len=48	ttl=110	tos=0x00	srcmac=c0:25:6:25[:D]0:1f	dstmac=0:1a:8c:14:a9:51

    21:51:03	Default DROP	TCP	 	

    201.209.37.128	:	2800


    192.168.1.250	:	445

     	

    [SYN]	len=48	ttl=110	tos=0x00	srcmac=c0:25:6:25[:D]0:1f	dstmac=0:1a:8c:14:a9:51

    21:51:05	Default DROP	UDP	 	

    192.168.0.3	:	51398


    192.168.0.250	:	192

     	

    len=32	ttl=64	tos=0x00	srcmac=e0:f8:47:42:32:b2	dstmac=0:1a:8c:14:a9:50

    21:51:05	Default DROP	UDP	 	

    192.168.0.3	:	61797


    192.168.0.250	:	192

     	

    len=32	ttl=64	tos=0x00	srcmac=e0:f8:47:42:32:b2	dstmac=0:1a:8c:14:a9:50

    21:51:07	Default DROP	UDP	 	

    192.168.0.3	:	58373


    192.168.0.250	:	192

     	

    len=32	ttl=64	tos=0x00	srcmac=e0:f8:47:42:32:b2	dstmac=0:1a:8c:14:a9:50

    21:51:07	Default DROP	UDP	 	

    192.168.0.3	:	64467


    192.168.0.250	:	192

     	

    len=32	ttl=64	tos=0x00	srcmac=e0:f8:47:42:32:b2	dstmac=0:1a:8c:14:a9:50

    21:51:09	Default DROP	UDP	 	

    192.168.0.3	:	51439


    192.168.0.250	:	192

     	

    len=32	ttl=64	tos=0x00	srcmac=e0:f8:47:42:32:b2	dstmac=0:1a:8c:14:a9:50

    21:51:09	Default DROP	UDP	 	

    192.168.0.3	:	61794


    192.168.0.250	:	192

     	

    len=32	ttl=64	tos=0x00	srcmac=e0:f8:47:42:32:b2	dstmac=0:1a:8c:14:a9:50

    21:51:11	Default DROP	UDP	 	

    192.168.0.3	:	60423


    192.168.0.250	:	192

     	

    len=32	ttl=64	tos=0x00	srcmac=e0:f8:47:42:32:b2	dstmac=0:1a:8c:14:a9:50

    21:51:11	Default DROP	UDP	 	

    192.168.0.3	:	58071


    192.168.0.250	:	192

     	

    len=32	ttl=64	tos=0x00	srcmac=e0:f8:47:42:32:b2	dstmac=0:1a:8c:14:a9:50


    Firewall Log: 

    2014:10:05-21:42:21 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:42:51 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:43:21 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:43:52 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:44:12 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="195.186.196.122" dstip="192.168.1.250" proto="6" length="60" tos="0x00" prec="0x00" ttl="57" srcport="36774" dstport="49950" tcpflags="SYN" 

    2014:10:05-21:44:13 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="195.186.196.122" dstip="192.168.1.250" proto="6" length="60" tos="0x00" prec="0x00" ttl="57" srcport="36774" dstport="49950" tcpflags="SYN" 

    2014:10:05-21:44:15 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="195.186.196.122" dstip="192.168.1.250" proto="6" length="60" tos="0x00" prec="0x00" ttl="57" srcport="36774" dstport="49950" tcpflags="SYN" 

    2014:10:05-21:44:22 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:44:52 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:45:22 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:45:52 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:46:22 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:46:52 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:47:22 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:47:52 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:48:22 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:48:51 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:49:21 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:49:51 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:50:21 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:50:51 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:51:00 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="201.209.37.128" dstip="192.168.1.250" proto="6" length="48" tos="0x00" prec="0x00" ttl="110" srcport="2800" dstport="445" tcpflags="SYN" 

    2014:10:05-21:51:03 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="201.209.37.128" dstip="192.168.1.250" proto="6" length="48" tos="0x00" prec="0x00" ttl="110" srcport="2800" dstport="445" tcpflags="SYN" 

    2014:10:05-21:51:05 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="51398" dstport="192" 

    2014:10:05-21:51:05 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="61797" dstport="192" 

    2014:10:05-21:51:07 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="58373" dstport="192" 

    2014:10:05-21:51:07 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="64467" dstport="192" 

    2014:10:05-21:51:09 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="51439" dstport="192" 

    2014:10:05-21:51:09 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="61794" dstport="192" 

    2014:10:05-21:51:11 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="60423" dstport="192" 

    2014:10:05-21:51:11 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="58071" dstport="192" 

    2014:10:05-21:51:13 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="60236" dstport="192" 

    2014:10:05-21:51:13 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="55507" dstport="192" 

    2014:10:05-21:51:19 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="61121" dstport="192" 

    2014:10:05-21:51:19 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="60126" dstport="192" 

    2014:10:05-21:51:21 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="c0:25:6:25[:D]0:1f" dstmac="0:1a:8c:14:a9:51" srcip="192.168.1.100" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 

    2014:10:05-21:51:25 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="51248" dstport="192" 

    2014:10:05-21:51:25 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="62010" dstport="192" 

    2014:10:05-21:51:31 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="62333" dstport="192" 

    2014:10:05-21:51:31 utm ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="e0:f8:47:42:32:b2" dstmac="0:1a:8c:14:a9:50" srcip="192.168.0.3" dstip="192.168.0.250" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="61633" dstport="192" 


    HTTP traffig don't show up when i try to open a website like sophos.com. Looks like everything get blocked ?!
  • 0
    Although these are unrelated to your DNS issue, the log files do raise two questions: Why would an IP in Venezuela (201.209.37.128) or in Switzerland (195.186.196.122) be sending Active Directory (445) requests to you?  Why is your laptop sending OSU Network Monitoring System (UDP 192) messages to the UTM?

    We've eliminated everything else.  It sounds like there's a hardware conflict.  What NICs are you using?

    Cheers - Bob
  • 0 in reply to BAlfson
    Although these are unrelated to your DNS issue, the log files do raise two questions: Why would an IP in Venezuela (201.209.37.128) or in Switzerland (195.186.196.122) be sending Active Directory (445) requests to you?  Why is your laptop sending OSU Network Monitoring System (UDP 192) messages to the UTM?

    We've eliminated everything else.  It sounds like there's a hardware conflict.  What NICs are you using?

    Cheers - Bob


    I'ts a macbook, apple uses UDP 192 for things like AirPort Admin Utility. For the other i really have no idea at the moment.

    It is an UTM 110/120 so they are Intel NICs. The desktops use Intel NICs too, don't know what the router has (probably not Intel). Theres also a Netgear ProSafe 8 Port switch between UTM Internal & Clients.

    Do you think it's a hardware conflict ? i can ping the router through everything from a Client but can't get internet access.

    -Alex
  • 0
    I'ts a macbook, apple uses UDP 192 for things like AirPort Admin Utility.

    Still, it shouldn't be sending those packets to the IP of the UTM's "Internal (Address)."

    I don't think it's the problem, but it needs to be eliminated: Edit the External interface definition, and, in the 'Advanced' section, set the MTU to 1350. If that works, check with your ISP to help find the largest setting that works. If this doesn't work, set the MTU back to its original value.

    If that didn't do it, it's time to look at the traffic.  In Forwarders, eliminate everything but the Google name server 8.8.8.8.  At the command line, run the following command:

    tcpdump -n -i eth1 dst 8.8.8.8


    Browse to https://www.google.com/.  Change dst to src in the command and try a different site.  What did you see?

    Cheers - Bob
  • 0 in reply to BAlfson
    Set MTU to 1350 did not work. I also changed the router today, still not.

    That says the command line: 
    utm:/home/login # tcpdump -n -i eth1 dst 8.8.8.8

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

    23:07:01.378576 IP 192.168.1.250 > 8.8.8.8: ICMP echo request, id 5126, seq 15, length 64

    23:08:01.379771 IP 192.168.1.250 > 8.8.8.8: ICMP echo request, id 5126, seq 16, length 64

    2 packets captured

    2 packets received by filter

    0 packets dropped by kernel

    utm:/home/login #


    changed dst to src: 
    23:11:04.786946 IP 8.8.8.8 > 192.168.1.250: ICMP echo reply, id 5126, seq 19, length 64

    23:12:04.787662 IP 8.8.8.8 > 192.168.1.250: ICMP echo reply, id 5126, seq 20, length 64

    23:13:04.789786 IP 8.8.8.8 > 192.168.1.250: ICMP echo reply, id 5126, seq 21, length 64

    23:14:04.790912 IP 8.8.8.8 > 192.168.1.250: ICMP echo reply, id 5126, seq 22, length 64
  • 0
    It looks like you followed the DNS Best Practice post and are using an Availability Group in 'DNS Forwarders'.  Maybe you'll need to flush the DNS cache in the UTM, your internal DNS server and your client before trying that test again.

    Cheers - Bob
  • 0
    I flueshed DNS on the UTM and Clients, now only Google DNS 8.8.8.8 as Host is active as DNS Forwarders.

    dst: 
    utm:/home/login # tcpdump -n -i eth1 dst 8.8.8.8

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

    00:38:03.352344 IP 192.168.1.250.53538 > 8.8.8.8.53: 8127+ A? google.com. (28)

    00:38:08.399978 IP 192.168.1.250.53556 > 8.8.8.8.53: 61599+ A? google.com. (28)

    00:38:16.700831 IP 192.168.1.250 > 8.8.8.8: ICMP echo request, id 5248, seq 5, l             ength 64

    00:38:30.068962 IP 192.168.1.250.49371 > 8.8.8.8.53: 40935+ A? google.com. (28)

    00:38:35.124413 IP 192.168.1.250.49385 > 8.8.8.8.53: 28468+ A? google.com. (28)


    src: 
    utm:/home/login # tcpdump -n -i eth1 src 8.8.8.8

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

    00:39:38.192972 IP 8.8.8.8.53 > 192.168.1.250.59673: 51623 16/0/0 A 193.134.255.44, A 193.134.255.39, A 193.134.255.35, A 193.134.255.24, A 193.134.255.50, A 193.134.255.20, A 193.134.255.40, A 193.134.255.29, A 193.134.255.45, A 193.134.255.54, A 193.134.255.55, A 193.134.255.49, A 193.134.255.25, A 193.134.255.30, A 193.134.255.34, A 193.134.255.59 (284)

    00:40:11.198988 IP 8.8.8.8.53 > 192.168.1.250.60243: 13169 16/0/0 A 193.134.255.44, A 193.134.255.39, A 193.134.255.35, A 193.134.255.24, A 193.134.255.50, A 193.134.255.20, A 193.134.255.40, A 193.134.255.29, A 193.134.255.45, A 193.134.255.54, A 193.134.255.55, A 193.134.255.49, A 193.134.255.25, A 193.134.255.30, A 193.134.255.34, A 193.134.255.59 (284)

    00:40:16.732318 IP 8.8.8.8 > 192.168.1.250: ICMP echo reply, id 5248, seq 7, length 64