Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 11986 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

System block UDP port

Fir3wall
Hi all,
I have some problem with UDP port.
Astaro block them also if I did a specific rule to permit for example hostX-->(service with UDP port from/to 10000:50000)-->any (or external address)

I get from firewall log:
12:19:11 Default DROP UDP XX.18.194.*** : 4377→ XX.37.54.XX:5060 len=625  ttl=45 tos=0x00 srcmac=0:xx:33:90:95:xx  dstmac=0:xx:2x:x:x:xx


I also disabled UDP flood protection under Intrusion Prevention.

Any idea
Alex


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to BarryG
    Hi, you say you're allowing ports 10000-50000, but the log shows ports 4377 and 5060.
    Barry


    Yes you  are right I post  it quickly and not re-read it.
    I have also an UDP 5060 rule and a new UDP rule  range to cover 1000:65000 (instead of standard RTP port).
    The problem is for SIP data connection in mobility because the client communicate with random UDP port and so is difficult to control it.
    I have also a DNAT to point to the Asterisk server for correct incoming request on 5060 or 1000:65000 (see image below).
    As I said before unfortunatly I configured a DNAT for a large range of UDP port (not really beautiful) and activate automatic firewall rule but the system drop yet the authorized packet why?

    10:30:34 Default DROP UDP 85.xx.194.xx(public IP request):4647→94.xx.139.xx (my public IP):5060 len=627 ttl=45  tos=0x00 srcmac=xx:1f:xx:90:95:xx dstmac=xx:c:xx:5:1:xx


    Please post the corresponding line from the full log and a precise definition of the Firewall rule that doesn't seem to work.
    Cheers - Bob


    Tnx bAlfson these are the additional info that I'm able to get from full log:
    ulogd[5573]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1"

    Regards
    Alessio