When I am connected via VPN (L2TP IPSec Cert) from my Android device, I see the following traffic being blocked. Please help me with firewall rules to allow this traffic.
In the following lines, 25.34.91.203 is the IP address of the phone's public network, which is not static, and 192.168.100.27 is the IP address of a laptop running VNC. The VNC session is established just fine. When I disconnect the session, the disconnection process hangs and I see a bunch of lines like the ones below repeated in the network live log.
2012:12:06-11:10:27 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth0" mark="0x1106" app="262" srcmac="0:c:29:29:e9:32" srcip="25.34.91.203" dstip="192.168.100.27" proto="6" length="52" tos="0x00" prec="0x00" ttl="63" srcport="35853" dstport="5900" tcpflags="ACK"
2012:12:06-11:10:27 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth0" mark="0x1106" app="262" srcmac="0:c:29:29:e9:32" srcip="25.34.91.203" dstip="192.168.100.27" proto="6" length="52" tos="0x00" prec="0x00" ttl="63" srcport="35853" dstport="5900" tcpflags="ACK"
The following line is seen repeatedly in network live log while I am connected via VPN. Port 5228 (TCP and UDP) is required to access Google Play Store. Address 25.34.91.203 is my phone's public IP, 173.194.76.188 is Google's server. These IP addresses are not static.
2012:12:06-11:11:58 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth1" mark="0x1106" app="262" srcmac="0:c:29:29:e9:3c" srcip="25.34.91.203" dstip="173.194.76.188" proto="6" length="185" tos="0x00" prec="0x00" ttl="63" srcport="60955" dstport="5228" tcpflags="ACK PSH"
The following line is seen repeatedly as the phone tries to access Gmail account when connected via VPN. Address 25.34.91.203 is phone's public IP, 74.125.142.109 is Google's mail server (both addresses are dynamic).
2012:12:06-11:13:46 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth1" mark="0x1106" app="262" srcmac="0:c:29:29:e9:3c" srcip="25.34.91.203" dstip="74.125.142.109" proto="6" length="52" tos="0x00" prec="0x00" ttl="63" srcport="49154" dstport="993" tcpflags="ACK"
2012:12:06-11:13:46 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth1" mark="0x1106" app="262" srcmac="0:c:29:29:e9:3c" srcip="25.34.91.203" dstip="74.125.142.109" proto="6" length="82" tos="0x00" prec="0x00" ttl="63" srcport="49154" dstport="993" tcpflags="ACK PSH"
2012:12:06-11:13:46 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth1" mark="0x1106" app="262" srcmac="0:c:29:29:e9:3c" srcip="25.34.91.203" dstip="74.125.142.109" proto="6" length="82" tos="0x00" prec="0x00" ttl="63" srcport="49154" dstport="993" tcpflags="ACK PSH"
I have tried many things but, due to limited experience, I could not create a firewall rule to allow access to the above. Any help would be appreciated.
Update: As per Bob's response, the live log has been replaced by full firewall log.
Thanks...
Arun Gupta
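An added example, not code from the poster or from the firewall vendor: a small parser for the ulogd key="value" lines quoted above that groups the drops by interface, destination and port and distinguishes two cases. A drop whose tcpflags is "SYN" (no ACK) is a new connection refused by policy, which is what a missing allow rule looks like; a drop whose tcpflags is "ACK" or "ACK PSH" with no SYN, as in every line the poster quoted, is a packet from an already established stream that the firewall no longer holds state for, which usually points at a connection-tracking or timeout problem on the VPN path rather than at a missing rule. The sample log is constructed from the post's lines; the final "SYN" line is invented solely to show the contrasting case, and the ts/host/prog header layout is assumed from the visible format.

```python
"""Parse ulogd "Packet dropped" lines and classify drops.

Added example (not the poster's or vendor's code). Only the key="value"
format visible in the post is assumed; all sample lines are constructed.
"""
import re
from collections import Counter

# Constructed sample: four lines copied from the post's format plus one
# hypothetical SYN drop (last line) to illustrate the policy case.
SAMPLE_LOG = """\
2012:12:06-11:10:27 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth0" mark="0x1106" app="262" srcmac="0:c:29:29:e9:32" srcip="25.34.91.203" dstip="192.168.100.27" proto="6" length="52" tos="0x00" prec="0x00" ttl="63" srcport="35853" dstport="5900" tcpflags="ACK"
2012:12:06-11:11:58 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth1" mark="0x1106" app="262" srcmac="0:c:29:29:e9:3c" srcip="25.34.91.203" dstip="173.194.76.188" proto="6" length="185" tos="0x00" prec="0x00" ttl="63" srcport="60955" dstport="5228" tcpflags="ACK PSH"
2012:12:06-11:13:46 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth1" mark="0x1106" app="262" srcmac="0:c:29:29:e9:3c" srcip="25.34.91.203" dstip="74.125.142.109" proto="6" length="52" tos="0x00" prec="0x00" ttl="63" srcport="49154" dstport="993" tcpflags="ACK"
2012:12:06-11:13:46 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth1" mark="0x1106" app="262" srcmac="0:c:29:29:e9:3c" srcip="25.34.91.203" dstip="74.125.142.109" proto="6" length="82" tos="0x00" prec="0x00" ttl="63" srcport="49154" dstport="993" tcpflags="ACK PSH"
2012:12:06-11:14:02 agismbgfw ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth1" mark="0x1106" app="262" srcmac="0:c:29:29:e9:3c" srcip="25.34.91.203" dstip="74.125.142.109" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="49160" dstport="993" tcpflags="SYN"
"""

# "<timestamp> <host> <program>: key="value" key="value" ..."  (assumed layout)
HEADER_RE = re.compile(r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<prog>[^:]+):\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return a dict of the line's fields, or None if it is not a ulogd line."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "prog": m.group("prog")}
    rec.update(KV_RE.findall(m.group("rest")))  # every key="value" pair
    return rec


def classify(rec):
    """'policy'    : new TCP connection (SYN only) refused, i.e. no allow rule
       'midstream' : established-stream packet (ACK, no SYN) dropped without state
       'other'     : non-TCP drop; 'accepted' : not a drop at all"""
    if rec.get("action") != "drop":
        return "accepted"
    if rec.get("proto") != "6":
        return "other"
    flags = set(rec.get("tcpflags", "").split())
    if "SYN" in flags and "ACK" not in flags:
        return "policy"
    return "midstream"


def summarize(log_text):
    """Count drops per (in-iface, out-iface, dst ip, dst port, verdict)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec.get("name") != "Packet dropped":
            continue
        key = (rec.get("initf"), rec.get("outitf"), rec.get("dstip"),
               rec.get("dstport"), classify(rec))
        counts[key] += 1
    return counts


def report(log_text):
    """Human-readable lines, one per flow group, with the likely cause."""
    hints = {
        "policy": "new connection refused: an allow rule is needed",
        "midstream": "no state for established stream: check conntrack/timeouts on the VPN path",
        "other": "non-TCP drop",
    }
    out = []
    for (initf, outitf, dstip, dstport, verdict), n in sorted(summarize(log_text).items()):
        out.append(f"{initf}->{outitf} {dstip}:{dstport} x{n} [{verdict}] {hints[verdict]}")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it against a saved copy of the full firewall log instead of the constructed sample; if every group comes out as "midstream" while the same flows are never dropped at the SYN, the problem is state handling on the ppp0 path, not the rule set.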