Please forgive me; I'm working on only a few hours of sleep this year so I'm hoping that this is just a silly oversight on my behalf that is easily fixed:
I don't want to post unedited firewall logs here so I'll do my best to make this easy to understand without missing too much information.
I have several NAT rules set up in my UTM. I can see outside connections being made and accepted to these NAT rules but then something odd happens: the connection is blocked going back out to the requester.
Here's a snippet from the logs:
2015:01:07-16:34:49 74 ulogd[20893]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62012" initf="eth1" srcmac="((Requestor's MAC))" dstmac="((UTM's MAC))" srcip="((Known IP of Requester))" dstip="((eth1 WAN IP))" proto="6" length="48" tos="0x08" prec="0x20" ttl="112" srcport="30148" dstport="55550" tcpflags="SYN"
2015:01:07-16:34:49 74 ulogd[20893]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="eth1" srcmac="((Requestor's MAC))" dstmac="((UTM's MAC))" srcip="((eth1 WAN IP))" dstip="((Known IP of Requester))" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="55550" dstport="30148" tcpflags="ACK SYN"
2015:01:07-16:34:49 74 ulogd[20893]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="eth1" srcmac="((Requestor's MAC))" dstmac="((UTM's MAC))" srcip="((eth1 WAN IP))" dstip="((Known IP of Requester))" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="55550" dstport="4308" tcpflags="ACK SYN"
2015:01:07-16:34:49 74 ulogd[20893]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="eth1" srcmac="((Requestor's MAC))" dstmac="((UTM's MAC))" srcip="((eth1 WAN IP))" dstip="((Known IP of Requester))" proto="6" length="40" tos="0x00" prec="0x00" ttl="126" srcport="55550" dstport="48752" tcpflags="RST"
2015:01:07-16:34:52 74 ulogd[20893]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="eth1" srcmac="((Requestor's MAC))" dstmac="((UTM's MAC))" srcip="((eth1 WAN IP))" dstip="((Known IP of Requester))" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="55550" dstport="30148" tcpflags="ACK SYN"
So what I'm seeing is that the request comes in on the port that I'm expecting and it is accepted. After that the firewall drops my packets from my UTM's WAN IP on their way back to the requester's IP.
The DNAT rules are built the same way I've built them a hundred times before. Intrusion Protection is off. Advanced Threat Protection is off. Application Control is not licensed and is disabled as well.
UTM v9.305-4
Help.
This thread was automatically locked due to age.
