This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bug on packet filter 8.103

Hi,

I think there is a bug with the packet filter with Astaro Release 8.103.
Basic need : the internal network must not have access to a specific external ip for web surfing.

The packet filter rule for this does not work.

So i tried the basic easier test :
Source : Any
Service : Any
Destination : the specific ip adress
Action : reject of course

I saved the rule at the top list but i also tried bottom in any case, it still does not work as anyone can access the web site through web browser using the ip adress.

The astaro web traffic monitor well see the connections [[:)]] but the packet filter does not filter this rule [[:)]]

This thread was automatically locked due to age.

0 BAlfson over 14 years ago

This is desired behavior. A basic rule about traffic arriving at an interface is: DNATs first, then Proxies then manual packet filter and routing rules. In your case, since the HTTP/S Proxy handles the traffic, your packet filter rules are not consulted.

If you are running the HTTP/S Proxy in "Transparent" mode, the easiest solution is to put the specific IP address in the 'Transparent mode skiplist' and uncheck 'Allow HTTP traffic for listed hosts/nets'. Then your manual packet filter rules determine whether the traffic is allowed.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 Kynao over 14 years ago in reply to BAlfson

I see [[[[:)]]]] you fired just where it need to be [[[[:)]]]]
Your explanation & solution perfectly works [[[[:)]]]]
Thanks for all

Where can we put rating on people ? [[[[:)]]]]
Cancel
Vote Up 0 Vote Down

Cancel