This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Country Blocking Exceptions II

I have county blocking on and blocking most countries. I have port 35073 open and forwarded for bittorrent. I have and exception to allow this port through to all countries and it works 99% of the time. However, I would say that about once a minute it blocks a connection that it wasn't supposed to. Here is an example.

17:01:13 Country blocked UDP 10.10.150.102 : 35073 → 124.244.XX.XX : 14361 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX

17:01:17 Country blocked UDP 10.10.150.102 : 35073 → 112.198.XX:XX : 61025 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX

17:02:44 Country blocked UDP 10.10.150.102 : 35073 → 93.159.XX:XX : 15806 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX

17:04:36 Country blocked UDP 10.10.150.102 : 35073 → 128.72.XX:XX : 14851 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX

17:05:33 Country blocked UDP 10.10.150.102 : 35073 → 112.198.XX:XX : 61025 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX

17:06:13 Country blocked UDP 10.10.150.102 : 35073 → 223.206.XX:XX : 10558 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX

The only difference between these blocked lines and the others allowed to pass is the "len=95"

Are these malformed packets or something?

This thread was automatically locked due to age.

0 BarryG over 10 years ago

Hi,

UTM version #?

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 yabasoya over 10 years ago

Firmware version: 9.209-8
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 10 years ago

That looks like conntrack timed the connection out. When posting lines from the Firewall log, please post the lines from the full Firewall log file, not the ones from the Firewall Live Log.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 yabasoya over 10 years ago

First two on list..

2014:11:10-17:01:13 ***XX ulogd[22400]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0.150" outitf="eth1" srcmac="60:6c:66:7b:XX:XX" dstmac="0:15:17:71:XX:XX" srcip="10.10.150.102" dstip="124.244.XX:XX" proto="17" length="95" tos="0x00" prec="0x00" ttl="127" srcport="35073" dstport="14361"

2014:11:10-17:01:17 ****** ulogd[22400]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0.150" outitf="eth1" srcmac="60:6c:66:7b:XX:XX" dstmac="0:15:17:71:XX:XX" srcip="10.10.150.102" dstip="112.198.XX:XX" proto="17" length="95" tos="0x00" prec="0x00" ttl="127" srcport="35073" dstport="61025"
Cancel
Vote Up 0 Vote Down

Cancel