On UTM 9.209, I have Country Blocking enabled for numerous countries.
One of our partners is unable to connect to our site, and I see from the logs that Country Blocking is the reason:
2015:02:08-02:29:29 fw ulogd[5601]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0" outitf="eth1" srcmac="***x" dstmac="***x" srcip="128.199.51.x" dstip="69.x.x.x" proto="6" length="60" tos="0x00" prec="0x00" ttl="55" srcport="42412" dstport="80" tcpflags="SYN"
Maxmind shows the source IP is in Amsterdam, Netherland: https://www.maxmind.com/en/geoip-demo. Digital Ocean is listed as the ISP.
I was not blocking Netherlands, but I was blocking Netherlands Antilles (listed under North America as it's in the Caribbean).
fwiw, WhatIsMyIp.co 128.199.51.0 - 128.199.51.255 - Digital Ocean, Inc USA
shows it is registered through RIPE to Digital Ocean in New York, USA.
(I am not blocking USA)
So, I'm not sure if it's being blocked because:
a. Netherlands Antilles was selected
b. the data doesn't match what's currently on Maxmind?
Any ideas how to debug this?
I'm going to ask the partner to leave a ping going so I can try unblocking other countries if opening Netherlands Antilles doesn't help.
Thanks!
Barry
This thread was automatically locked due to age.
