Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 2 subscribers
  • Views 46761 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

fwrule="60002"

domblocs
Hello

Although ports 30100 tcp are open,  I systematically:

2014:11:30-16:13:26 UTM-MAISON ulogd[31186]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth3" outitf="eth1" srcmac="0:xx:xx:xx:x:xx" dstmac="0:xx:xx:xx:xx:xx" srcip="192.168.1.85" dstip="145.226.yyy.yyy" proto="6" length="44" tos="0x00" prec="0x00" ttl="254" srcport="2754" dstport="30100" tcpflags="SYN" 

Firewall:
Sources: DMZ(network)(192.168.1.0/24) 
Services: 30100 D TCP (port de destination)
Destination: 145.226.yyy.yyy (host)

Can you help me

Thanks


This thread was automatically locked due to age.
  • 0
    Hi, and welcome to the user  BB!

    Please click on [Go Advanced] below and attach a picture of the firewall wall that should allow this traffic.  Also, explain where 145.226.yyy.yyy is.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hello

    Thanks you very much


    My attachement below

    145.226.yyy.yyy is a host outside my network

    Domblocs
  • 0
    145.226.yyy.yyy is a host outside my network

    Cheers
  • 0
    Were any of those network objects created by cloning? I have had issues where Cloned network objects would not work as intended in 9.2
  • 0 in reply to NewImage
    Hello. 

    I didn't create any clone networkek object.



    All are well in my UTM but in my DMZ (eth3) 192.168.1.254, i can't outside the 30100 TCP port !

    Thank you for help
  • 0
    Domblocs, since that rule is not applied to the traffic in your log line above, does #3 in Rulz fit your situation?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hello


    I have 2 rules for DMZ

    SOURCES: DMZ Network (eth3)
    SERVICES: 30100 TCP (Destination)
    Destination: 145.226.yyy.yyy (a HOST)


    SOURCES: DMZ Network (eth3)
    SERVICES: 30100 TCP (Destination)
    Destination: 83.206.yyy.yyy (a HOST)


    I have 3 network card

    WAN(ETH1); LAN(ETH0); DMZ(ETH3)
    DMZ (192.168.1.254/24)

    A masquerading : 
    DMZ ==> External WAN

    but  I systematically:

    2014:11:30-16:13:26 UTM-MAISON ulogd[31186]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth3" outitf="eth1" srcmac="0:xx:xx:xx:x:xx" dstmac="0:xx:xx:xx:xx:xx" srcip="192.168.1.85" dstip="145.226.yyy.yyy" proto="6" length="44" tos="0x00" prec="0x00" ttl="254" srcport="2754" dstport="30100" tcpflags="SYN" 

    or

    2014:11:30-16:13:12 UTM-MAISON ulogd[31186]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth3" outitf="eth1" srcmac="0:xx:xx:xx:x:xx" dstmac="0:xx:xx:xx:xx:xx" srcip="192.168.1.85" dstip="83.206.yyy.yyy" proto="6" length="44" tos="0x00" prec="0x00" ttl="254" srcport="2751" dstport="30100" tcpflags="SYN"


    What can i do more ?

    Cheers
  • 0
    Please click on [Go Advanced] below and attach a picture of the Host definition "145.226.yyy.yyy" open in Edit mode avec 'Avancé' ouverte. [;)]

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hello BAlfson

    Pictures attached below

    Cheers
  • 0
    Hi,

    Do the connections work sometimes, and you still see the logged events
    or
    Do the connections not work at all
    ?

    Barry
Cookie Information Banner