I am running a server behind my network. The server runs a service on port 50312, and I believe that I have followed the steps correctly for Service Definition, Firewall, and DNAT with Automatic Firewall rules for each WAN interface. I know I can consolidate both rules into one with Uplink Interfaces, but I want to have the control to turn one or the other off.
I am able to receive connections and upload data. However, when I check the Firewall Livelog, I can see UDP port 50312 DROPs constantly; in fact, 94% of dropped packets are from this server to internet addresses. I noticed that if I define a Service as UDP 50312 -> 65535, then I no longer have dropped UDP packets. I am only running the Firewall service and Anti-Portscan.
Topology:
Server (50312) -> Dumb Gig Switch -> UTM -> WAN Interfaces
Service Definitions:
First: TCP/UDP 1:65535 -> 50312
Second: UDP 50312 -> 1:65535 (When this definition is removed, I get all the UDP drops)
Firewall:
Internal Network -> Service Definitions -> Any
NAT:
DNAT 1 w/ Auto FW rule: Any -> TCP/UDP: 50312 -> WAN1 (Address)
Destination: Server Host Definition (DHCP Reserved)
Service: Blank
DNAT 2 w/ Auto FW rule: Any -> TCP/UDP: 50312 -> WAN2 (Address)
Destination: Server Host Definition (DHCP Reserved)
Service: Blank
Live Log:
11:38:46 Default DROP UDP
10.0.1.30 : 50312 -> 109.x.x.35 : 11682
len=86 ttl=63 tos=0x00 srcmac=x:x:x:x:x[:D]7 dstmac=x:x:x:x:x:51 (This MAC is WAN1)
11:38:52 Default DROP UDP
10.0.1.30 : 50312 -> 121.x.x.143 : 22055
len=86 ttl=63 tos=0x00 srcmac=x:x:x:x:x[:D]7 dstmac=x:x:x:x:x:51
11:38:52 Default DROP UDP
10.0.1.30 : 50312 -> 83.x.x.85 : 50535
len=86 ttl=63 tos=0x00 srcmac=x:x:x:x:x[:D]7 dstmac=x:x:x:x:x:51
My questions are:
Is this DROP behavior normal, and should I remove the second service definition?
Should I keep the second service definition?
Why does it occur on dstmac for WAN1 Interface?
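The drops in the live log above, worked through as an added example (this is not the poster's code and not a Sophos tool): a small Python script that parses live-log entries in the two-line format quoted above and checks each dropped packet against service definitions written, as in the post, as "PROTO source-port-range -> destination-port-range". The sample log is constructed from the three entries above with the masked octets replaced so they parse, and reading the left side of a definition as the source-port range and the right side as the destination-port range is an assumption taken from how the post writes them. Under that reading the dropped packets (source port 50312, random high destination port) fall outside "TCP/UDP 1:65535 -> 50312" and inside "UDP 50312 -> 1:65535", which is consistent with the second definition making the drops disappear.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample based on the three live-log entries quoted in the post;
# the masked octets ("x.x") and MAC bytes have been replaced with placeholders.
SAMPLE_LOG = """\
11:38:46 Default DROP UDP
10.0.1.30 : 50312 -> 109.0.0.35 : 11682
len=86 ttl=63 tos=0x00 srcmac=00:00:00:00:00:d7 dstmac=00:00:00:00:00:51
11:38:52 Default DROP UDP
10.0.1.30 : 50312 -> 121.0.0.143 : 22055
len=86 ttl=63 tos=0x00 srcmac=00:00:00:00:00:d7 dstmac=00:00:00:00:00:51
11:38:52 Default DROP UDP
10.0.1.30 : 50312 -> 83.0.0.85 : 50535
len=86 ttl=63 tos=0x00 srcmac=00:00:00:00:00:d7 dstmac=00:00:00:00:00:51
"""

# First line of an entry: "<time> <rule> <action> <proto>"; second line: the flow.
HEADER_RE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\S+)\s+(DROP|ACCEPT|REJECT)\s+(TCP|UDP|ICMP)\s*$")
FLOW_RE = re.compile(r"^(\S+)\s*:\s*(\d+)\s*->\s*(\S+)\s*:\s*(\d+)\s*$")


@dataclass(frozen=True)
class Packet:
    time: str
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Service:
    """A service definition: protocols plus a source and a destination port range
    (assumed reading of the "src -> dst" notation used in the post)."""
    name: str
    protos: frozenset
    src: Tuple[int, int]
    dst: Tuple[int, int]

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto in self.protos
                and self.src[0] <= pkt.sport <= self.src[1]
                and self.dst[0] <= pkt.dport <= self.dst[1])


def parse_range(text: str) -> Tuple[int, int]:
    """'50312' -> (50312, 50312); '1:65535' -> (1, 65535)."""
    lo, _, hi = text.partition(":")
    lo_i = int(lo)
    hi_i = int(hi) if hi else lo_i
    if not 1 <= lo_i <= hi_i <= 65535:
        raise ValueError(f"bad port range: {text}")
    return lo_i, hi_i


def parse_service(name: str, text: str) -> Service:
    """Parse e.g. 'TCP/UDP 1:65535 -> 50312' into a Service."""
    m = re.match(r"^(\S+)\s+(\S+)\s*->\s*(\S+)$", text.strip())
    if not m:
        raise ValueError(f"bad service definition: {text}")
    protos = frozenset(p.upper() for p in m.group(1).split("/"))
    return Service(name, protos, parse_range(m.group(2)), parse_range(m.group(3)))


def parse_livelog(text: str) -> List[Packet]:
    """Extract packets from two-line live-log entries; other lines (len=, ttl=) are skipped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    packets: List[Packet] = []
    i = 0
    while i < len(lines):
        h = HEADER_RE.match(lines[i])
        f = FLOW_RE.match(lines[i + 1]) if h and i + 1 < len(lines) else None
        if h and f:
            packets.append(Packet(h.group(1), h.group(3), h.group(4),
                                  f.group(1), int(f.group(2)), f.group(3), int(f.group(4))))
            i += 2
        else:
            i += 1
    return packets


def matching_services(pkt: Packet, services: List[Service]) -> List[str]:
    """Names of the service definitions whose protocol and port ranges cover this packet."""
    return [s.name for s in services if s.matches(pkt)]


def unmatched_drops(packets: List[Packet], services: List[Service]) -> List[Packet]:
    """Dropped packets that none of the given service definitions would have matched."""
    return [p for p in packets if p.action == "DROP" and not matching_services(p, services)]


if __name__ == "__main__":
    first = parse_service("First", "TCP/UDP 1:65535 -> 50312")
    second = parse_service("Second", "UDP 50312 -> 1:65535")
    pkts = parse_livelog(SAMPLE_LOG)
    for label, svcs in (("First only", [first]), ("First + Second", [first, second])):
        print(f"{label}: {len(unmatched_drops(pkts, svcs))} of {len(pkts)} drops unmatched")
        for p in pkts:
            print(f"  {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
                  f"matched by {matching_services(p, svcs) or 'nothing'}")
```

Run it as-is and it reports that with only the first definition all three logged drops are unmatched, and with the second definition added every one of them is covered by "Second"; point `parse_livelog` at a saved live-log export to do the same check against your own rule set.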