Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 3515 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RST problem

wrallen
03:08:40  Default DROP TCP 199.108.0.133: 80 → 173.***.***.***:39134 [RST] len=40 ttl=48 tos=0x00 srcmac=00:00:00:00:00:00 dstmac=00:21:91:xx:xx:xx

I added in the x's there.

The second IP number is my Astaro box's WAN address.  I've tried setting up a Service and a NAT rule like this:

Service: 
SOE Launchpad
TCP
Dest. Port: 1:65535
Source Port: 80

NAT rule:
Traffic Source: SOE 1  (a host with IP 199.108.0.133, interface as any)
Traffic Service: SOE Launchpad
Traffic Destination: External WAN Address
NAT mode: DNAT
Destination: 192.168.2.1 (my computer is here)
Destination Service: SOE Launchpad
Automatic Packet Filter Rule is checked.

It still doesn't work.  Any suggestions?


This thread was automatically locked due to age.
Parents
  • 0
    Do you see anything else in the packet filter log?  Thinking about the line in your first post from the live log, I would have made a NAT rule:

    {199.108.0.133} -> HTTP -> External (Address) : DNAT to {192.168.2.1}
    select 'Auto packet filter rule'


    But, the Astaro is a stateful firewall; it automatically should accept and route responses, so I'm curiuos why you would need a DNAT or even an inbound packet filter rule.  Typically, a DNAT is needed only when you want to accept unrequested packets as  when you offer a webserver.  Unless SOE "pushes" things to you on its own schedule, there's another problem.  

    The full packet filter log has more information than the live log.  Let's look at the same line above from there.  Also, what instructions does SOE give about firewalls?

    Cheers - Bob
  • 0 in reply to BAlfson
    /var/log/packetfilter.log:2010:03:17-19:18:44 wrallen ulogd[3391]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" dstmac="00:21:***:xx:xx:xx" srcmac="00:12:43:aa:08:09" srcip="199.108.0.133" dstip="173.***.***.***" proto="6" length="40" tos="0x00" prec="0x80" ttl="48" srcport="80" dstport="59310" tcpflags="RST"


    here is the last log for that problem, thanks again
Reply
  • 0 in reply to BAlfson
    /var/log/packetfilter.log:2010:03:17-19:18:44 wrallen ulogd[3391]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" dstmac="00:21:***:xx:xx:xx" srcmac="00:12:43:aa:08:09" srcip="199.108.0.133" dstip="173.***.***.***" proto="6" length="40" tos="0x00" prec="0x80" ttl="48" srcport="80" dstport="59310" tcpflags="RST"


    here is the last log for that problem, thanks again
Children
No Data