Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 1639 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

default package drops...

ktaersidon
Hi there,

i have a ASG220 (main site) with FW 9.306.-6 and a SG115w (remote site) also with FW 9.306-6.

These two have an IPSEC Tunnel and i can ping from both sides to the other side. I can also use Webservice provided by the main site at the remote site.
No problems there.
The remote site has a MAC-Client and that client isn't able to connect to our Windowsserver via SMB. Before i had the SG115w there was a FRITZBox and it worked fine. I replaced that FRITZBox and we changed our ISP at the remote site. As stated the Webservices are working.
My rules on both sides are main --> any --> remote and remote --> any --> main.
And i get the following log entries when i try that SMB-Connection (ASG_Wannen is the remote site):

2015:02:03-14:15:43 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53288" dstport="445" tcpflags="SYN" 
2015:02:03-14:15:43 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53289" dstport="139" tcpflags="SYN" 
2015:02:03-14:15:44 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53289" dstport="139" tcpflags="SYN" 
2015:02:03-14:15:44 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53288" dstport="445" tcpflags="SYN" 
2015:02:03-14:15:45 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53288" dstport="445" tcpflags="SYN" 
2015:02:03-14:15:45 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53289" dstport="139" tcpflags="SYN" 
2015:02:03-14:15:46 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53288" dstport="445" tcpflags="SYN" 
2015:02:03-14:15:46 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53289" dstport="139" tcpflags="SYN" 
2015:02:03-14:15:47 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53288" dstport="445" tcpflags="SYN" 
2015:02:03-14:15:47 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53289" dstport="139" tcpflags="SYN" 
2015:02:03-14:15:49 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53289" dstport="139" tcpflags="SYN" 
2015:02:03-14:15:49 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53288" dstport="445" tcpflags="SYN" 
2015:02:03-14:15:51 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53289" dstport="139" tcpflags="SYN" 
2015:02:03-14:15:51 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53288" dstport="445" tcpflags="SYN" 
2015:02:03-14:15:55 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="48" tos="0x00" prec="0x00" ttl="63" srcport="53289" dstport="139" tcpflags="SYN" 
2015:02:03-14:15:55 ASG_Wannen ulogd[4457]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="a8:20:66:48:b6:35" dstmac="00:1a:8c:45:02:18" srcip="172.17.25.201" dstip="172.17.8.6" proto="6" length="48" tos="0x00" prec="0x00" ttl="63" srcport="53288" dstport="445" tcpflags="SYN" 

i do have the ports 137,138,139 and 445 for SMB specified, so that they are covered by any
and that MAC gets a timeout...
What do i have to do to fix that?

thx in advance


This thread was automatically locked due to age.
Parents
  • 0
    Hi, 60002 is a default drop rule, which means that your rules or your definitions aren't matching the traffic.

    1. do you have both sides setup correctly with the Local and Remote networks defined on each?

    2. are you sure your firewall rules and service definitions are setup right?

    Screenshots would be best - hit 'go advanced' when posting to attach images.

    Barry
Reply
  • 0
    Hi, 60002 is a default drop rule, which means that your rules or your definitions aren't matching the traffic.

    1. do you have both sides setup correctly with the Local and Remote networks defined on each?

    2. are you sure your firewall rules and service definitions are setup right?

    Screenshots would be best - hit 'go advanced' when posting to attach images.

    Barry
Children