
7.501 Strange Packet Filter behaviour

Hi Astaro,

I have a strange packet filter behaviour; maybe you can help me.

I'm trying to use my directly connected LDAP server (SSL, port 636) for user authentication in Astaro, but Astaro always filters the packets.

ASG: 192.168.1.1
LDAP: 192.168.1.2

Rule #1:
Source:
192.168.0.0/24
192.168.1.0/24
192.168.2.0/24

Destination:
192.168.1.2/32
etc.

Service:
ICMP, 443, 53(tcp/udp), 636 etc.

Logfile:
19:52:20 Default DROP TCP 192.168.1.1 : 42467 → 192.168.1.2 : 636 [SYN] len=60 ttl=64 tos=0x00 srcmac=00:30:18:aa:aa:aa dstmac=00:00:00:00:00:00

19:52:22 Default DROP TCP 192.168.1.1 : 42467 → 192.168.1.2 : 636 [SYN] len=60 ttl=64 tos=0x00 srcmac=00:30:18:aa:aa:aa dstmac=00:00:00:00:00:00

With a dedicated rule with the firewall interface 192.168.1.1 as source it is working, but not with 192.168.1.0/24. WHY?


  • OK, but I still don't understand where these files come from - ASG1 or ASG2?  Also, please post the full packet filter log entries as they contain more information.

    Cheers - Bob
  • Hi BAlfson,

    The entries come from ASG1:

    Today (not working):
    2010:02:20-12:41:28 *** ulogd[3269]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" initf="unknown" outitf="ipsec0" dstmac="00:00:00:00:00:00" srcmac="00:00:00:00:00:00" srcip="217.83.***.***" dstip="172.17.2.2" proto="6" length="56" tos="0x10" prec="0x00" ttl="64" srcport="35418" dstport="636" tcpflags="SYN"
    2010:02:20-12:41:31 *** ulogd[3269]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" initf="unknown" outitf="ipsec0" dstmac="00:00:00:00:00:00" srcmac="00:00:00:00:00:00" srcip="217.83.***.***" dstip="172.17.2.2" proto="6" length="56" tos="0x10" prec="0x00" ttl="64" srcport="35418" dstport="636" tcpflags="SYN"
    2010:02:20-12:41:37 *** ulogd[3269]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" initf="unknown" outitf="ipsec0" dstmac="00:00:00:00:00:00" srcmac="00:00:00:00:00:00" srcip="217.83.***.***" dstip="172.17.2.2" proto="6" length="56" tos="0x10" prec="0x00" ttl="64" srcport="35418" dstport="636" tcpflags="SYN"
    2010:02:20-12:41:49 *** ulogd[3269]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" initf="unknown" outitf="ipsec0" dstmac="00:00:00:00:00:00" srcmac="00:00:00:00:00:00" srcip="217.83.***.***" dstip="172.17.2.2" proto="6" length="56" tos="0x10" prec="0x00" ttl="64" srcport="35418" dstport="636" tcpflags="SYN"


    Yesterday (working):
    2010:02:19-20:24:55 *** ulogd[3269]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" seq="0" initf="unknown" outitf="ipsec0" dstmac="00:00:00:00:00:00" srcmac="00:00:00:00:00:00" srcip="172.16.2.1" dstip="172.17.2.2" proto="6" length="56" tos="0x10" prec="0x00" ttl="64" srcport="33451" dstport="636" tcpflags="SYN"


    The thing is that I use my ASG1 to authenticate users with Active Directory on the remote site (172.17.2.2).
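As an added example (not code from the thread or from Astaro), here is a small Python parser for the ulogd packetfilter lines posted above. It extracts the key="value" fields of each entry and then checks every dropped packet against the source networks, destination and services of an allow rule modelled on the one in the first post, reporting which part of the rule the packet fails to match. The two sample lines are reconstructed from the thread: the masked public address 217.83.***.*** is replaced by the documentation placeholder 203.0.113.5 and the masked hostname by "asg1". The rule definition, including 172.16.2.0/24 (the network the accepted entry originates from), is an assumption made for the example.

```python
import ipaddress
import re

# Constructed sample input, reconstructed from the entries posted in the thread.
# 203.0.113.5 is a placeholder for the masked public address 217.83.***.***,
# and "asg1" stands in for the masked hostname.
SAMPLE_LOG = """\
2010:02:20-12:41:28 asg1 ulogd[3269]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" initf="unknown" outitf="ipsec0" dstmac="00:00:00:00:00:00" srcmac="00:00:00:00:00:00" srcip="203.0.113.5" dstip="172.17.2.2" proto="6" length="56" tos="0x10" prec="0x00" ttl="64" srcport="35418" dstport="636" tcpflags="SYN"
2010:02:19-20:24:55 asg1 ulogd[3269]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" seq="0" initf="unknown" outitf="ipsec0" dstmac="00:00:00:00:00:00" srcmac="00:00:00:00:00:00" srcip="172.16.2.1" dstip="172.17.2.2" proto="6" length="56" tos="0x10" prec="0x00" ttl="64" srcport="33451" dstport="636" tcpflags="SYN"
"""

# Assumed allow rule, modelled on the rule in the first post plus the
# 172.16.2.0/24 network that the accepted entry comes from.
RULE_SOURCES = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "172.16.2.0/24")]
RULE_DESTINATIONS = [ipaddress.ip_network("172.17.2.2/32")]
RULE_TCP_PORTS = {443, 53, 636}

KV_RE = re.compile(r'(\w+)="([^"]*)"')
TS_RE = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2})")


def parse_line(line):
    """Parse one ulogd line into a dict of its key="value" fields plus the timestamp.

    Returns None for lines that are not packetfilter events.
    """
    fields = dict(KV_RE.findall(line))
    if fields.get("sub") != "packetfilter":
        return None
    match = TS_RE.match(line)
    fields["timestamp"] = match.group(1) if match else ""
    return fields


def parse_log(text):
    """Return the packetfilter entries found in a block of log text, in order."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def mismatches(entry, sources, destinations, tcp_ports):
    """List the parts of the rule the packet does not match (empty list = full match).

    A TCP packet matches when its source lies in one of the rule's source
    networks, its destination in one of the destination networks, and its
    destination port in the rule's service port set.
    """
    problems = []
    src = ipaddress.ip_address(entry["srcip"])
    dst = ipaddress.ip_address(entry["dstip"])
    if not any(src in net for net in sources):
        problems.append(f"srcip {src} is outside every source network of the rule")
    if not any(dst in net for net in destinations):
        problems.append(f"dstip {dst} is outside every destination network of the rule")
    # proto 6 is TCP; the port check only applies to TCP entries here.
    if entry.get("proto") == "6" and int(entry["dstport"]) not in tcp_ports:
        problems.append(f"dstport {entry['dstport']} is not a service of the rule")
    return problems


def audit_drops(text, sources, destinations, tcp_ports):
    """For each dropped packet, return (timestamp, fwrule that dropped it, mismatches)."""
    report = []
    for entry in parse_log(text):
        if entry.get("action") != "drop":
            continue
        report.append((entry["timestamp"], entry["fwrule"],
                       mismatches(entry, sources, destinations, tcp_ports)))
    return report


if __name__ == "__main__":
    for ts, rule, problems in audit_drops(SAMPLE_LOG, RULE_SOURCES,
                                          RULE_DESTINATIONS, RULE_TCP_PORTS):
        print(f"{ts} dropped by rule {rule}: " + ("; ".join(problems) or "no mismatch found"))
```

Run against the two posted entries, the accepted packet (srcip 172.16.2.1) matches every part of the rule, while the dropped one fails only on its source address: it leaves through ipsec0 with the masked public 217.83 address as srcip, which none of the rule's private source networks cover, so it falls through to rule 60003. That is the same pattern the first post describes, where a rule naming the firewall's own interface address as source works but a rule naming the internal network does not; the raw ulogd fwrule field is what lets you tell a drop by one of your own rules from the default drop that the WebAdmin view labels "Default DROP".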