
ASG 220 Randomly Starts Dropping All Packets (fwrule 60002)

Hi all,

I'm running 7.504 (upgrading to 7.505 tonight) and today I encountered a strange problem.  It has also happened once before.  Out of the blue the firewall starts dropping all packets, here's a sample from the packet filter log:


Jun  9 11:56:59 ***.***.***.1 2010:06:09-11:50:35 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" srcip="***.***.***.18" dstip="208.67.222.222" proto="17" length="70" tos="0x00" prec="0x00" ttl="127" srcport="64899" dstport="53" 
Jun  9 11:56:59 ***.***.***.1 2010:06:09-11:50:35 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" srcip="***.***.***.10" dstip="208.67.220.220" proto="17" length="60" tos="0x00" prec="0x00" ttl="127" srcport="50515" dstport="53" 
Jun  9 11:57:00 ***.***.***.1 2010:06:09-11:50:35 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" srcip="***.***.***.10" dstip="208.67.220.220" proto="17" length="60" tos="0x00" prec="0x00" ttl="127" srcport="50217" dstport="53" 
Jun  9 11:57:00 ***.***.***.1 2010:06:09-11:50:36 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth2" outitf="eth0" srcip="***.***.***.18" dstip="***.***.***.14" proto="6" length="92" tos="0x00" prec="0x00" ttl="118" srcport="4528" dstport="1494" tcpflags="ACK PSH" 
Jun  9 11:57:01 ***.***.***.1 2010:06:09-11:50:36 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" srcip="***.***.***.10" dstip="208.67.220.220" proto="17" length="60" tos="0x00" prec="0x00" ttl="127" srcport="51273" dstport="53" 
Jun  9 11:57:02 ***.***.***.1 2010:06:09-11:50:37 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" srcip="***.***.***.18" dstip="208.67.222.222" proto="17" length="62" tos="0x00" prec="0x00" ttl="127" srcport="53427" dstport="53" 
Jun  9 11:57:03 ***.***.***.1 2010:06:09-11:50:38 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth2" outitf="eth0" srcip="***.***.***.18" dstip="***.***.***.14" proto="6" length="52" tos="0x00" prec="0x00" ttl="118" srcport="4528" dstport="1494" tcpflags="ACK PSH" 


It looks like mostly DNS requests from the sample, but I can assure you that it was blocking everything.  I looked in the logs around the time that it started happening and couldn't find anything that may have caused this to happen.  I rebooted the firewall and everything began working again.

I'd like to prevent this from happening in the future.  Has this happened to anyone else, or can someone explain why this would happen?  I saw in the knowledgebase that fwrule 60002 corresponds to filter:FORWARD in the iptables chain...  does that have any relevance?

Thanks,
Lane


  • Interesting. This same issue occurred out of nowhere a few weeks ago. Packets are being dropped under fwrule 60002, preventing one of our servers from backing up to our NAS. We have an identical server on the same network which has no issues. 

    This is on an ASG320 running 7.401. Has upgrading fixed the issue for you?

    /var/log/packetfilter.log:2010:06:24-15:10:33 idcfw1 ulogd[3233]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth6" outitf="eth6" dstmac="00:10:f3:0b:1f:18" srcmac="00:10:f3:0b:1f:12" srcip="***.***.***.***" dstip="***.***.***.***" proto="6" length="48" tos="0x00" prec="0x00" ttl="127" srcport="2243" dstport="445" tcpflags="SYN" 
    /var/log/packetfilter.log:2010:06:24-15:10:34 idcfw1 ulogd[3233]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth6" outitf="eth6" dstmac="00:10:f3:0b:1f:18" srcmac="00:10:f3:0b:1f:12" srcip="***.***.***.***" dstip="***.***.***.***" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
    /var/log/packetfilter.log:2010:06:24-15:10:35 idcfw1 ulogd[3233]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth6" outitf="eth6" dstmac="00:10:f3:0b:1f:18" srcmac="00:10:f3:0b:1f:12" srcip="***.***.***.***" dstip="***.***.***.***" proto="6" length="48" tos="0x00" prec="0x00" ttl="127" srcport="2243" dstport="445" tcpflags="SYN"  
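
Added example, not part of either post: a Python parser for the `key="value"` packet filter lines quoted in this thread. It tallies drops per fwrule and per interface/protocol/port tuple, and counts two patterns visible in the posted logs: TCP segments dropped without SYN (packets of sessions that were already open) and drops where `initf` equals `outitf`. The sample lines are constructed with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the thread (documentation addresses,
# some fields omitted for brevity). The last line is a constructed non-packetfilter entry.
SAMPLE = """\
2010:06:09-11:50:35 fw ulogd[3291]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcip="192.0.2.18" dstip="198.51.100.53" proto="17" srcport="64899" dstport="53"
2010:06:09-11:50:36 fw ulogd[3291]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth2" outitf="eth0" srcip="203.0.113.18" dstip="192.0.2.14" proto="6" srcport="4528" dstport="1494" tcpflags="ACK PSH"
2010:06:24-15:10:33 fw ulogd[3233]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth6" outitf="eth6" srcip="192.0.2.20" dstip="192.0.2.30" proto="6" srcport="2243" dstport="445" tcpflags="SYN"
2010:06:24-15:10:34 fw example[1]: constructed line that is not a packet filter entry
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of a packetfilter line, or None for other lines."""
    fields = dict(FIELD.findall(line))
    return fields if fields.get("sub") == "packetfilter" else None

def summarize_drops(text):
    """Tally dropped packets by rule and flow, plus two diagnostic counters."""
    rules, flows = Counter(), Counter()
    midstream_tcp = same_interface = 0
    for line in text.splitlines():
        f = parse_line(line)
        if f is None or f.get("action") != "drop":
            continue
        rules[f.get("fwrule")] += 1
        flows[(f.get("initf"), f.get("outitf"), f.get("proto"), f.get("dstport"))] += 1
        # TCP (proto 6) without SYN: a segment of an already-open session was dropped,
        # which separates "existing sessions cut off" from "new sessions refused".
        if f.get("proto") == "6" and "SYN" not in f.get("tcpflags", "").split():
            midstream_tcp += 1
        # Packet entered and would leave on the same interface, as in the reply's log.
        if f.get("initf") == f.get("outitf"):
            same_interface += 1
    return {"rules": rules, "flows": flows,
            "midstream_tcp": midstream_tcp, "same_interface": same_interface}

if __name__ == "__main__":
    summary = summarize_drops(SAMPLE)
    for rule, count in summary["rules"].most_common():
        print(f"fwrule {rule}: {count} drops")
    for flow, count in summary["flows"].most_common():
        print(flow, count)
    print("mid-stream TCP drops:", summary["midstream_tcp"])
    print("same-interface drops:", summary["same_interface"])
```

Running this over the log window just before and just after the drops begin shows whether one rule number suddenly accounts for every flow or only for specific interface pairs.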