Default drop on port 8000 (online radio)

Hi!

I am having trouble with port 8000. How do I open it for this IP, 93.103.13.156, to listen to an online radio? I am getting a default drop.

Here is the firewall log.

Default DROP TCP  
192.168.2.4 : 20860
93.103.13.156 : 8000
[SYN] len=60 ttl=60 tos=0x00 srcmac=b0:5a:da:cb:1f:d2 dstmac=00:1c:c0:fe:6b:6c

Thanks!



  • Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post the line corresponding to the one above.  Also, confirm that your configuration doesn't violate #3 or #4 in Rulz.


    Cheers - Bob

  • Here is some of the full firewall log. Hope it helps to determine the cause.

    2016:02:16-18:58:23 kll ulogd[8921]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="ppp0" srcmac="b0:5a:da:cb:1f:d2" dstmac="00:1c:c0:fe:6b:6c" srcip="192.168.2.4" dstip="93.103.13.156" proto="6" length="60" tos="0x00" prec="0x00" ttl="60" srcport="19061" dstport="8000" tcpflags="SYN"

  • fwrule="60002"

    This means that there's no firewall rule allowing this port out, so you need something like 'Internal (Network) -> {1:65535->8000} -> Internet : Allow'.

    Cheers - Bob
    PS We only needed the one line, so I erased the others.

  • I have the following rule for allowing port 8000. But remember my network knowledge is limited.

    No group, position 3, internal network 192.168.2.0/24, services TCP, destination port 8000, source port 1:65535, allow. Destination is external network. My only internet connection is a mobile broadband modem (4G modem). Is this rule OK? Still getting default drop.

    Thanks for your help.
  • I've corrected my post above by adding "Internet" to the traffic selector. Your destination was incorrect.

    Cheers - Bob
  • I chose Internet IPv4 for the destination. No more default drop. Here is the live log.
    08:04:57 Packet filter rule #3 TCP
    192.168.2.1 : 18126

    93.103.13.156 : 8000

    [SYN] len=60 ttl=60 tos=0x00 srcmac=b0:5a:da:cb:1f:d2 dstmac=00:1c:c0:fe:6b:6c

    And the line from full firewall log.

    2016:02:20-08:04:52 kll ulogd[4572]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="3" initf="eth0" outitf="ppp0" srcmac="b0:5a:da:cb:1f:d2" dstmac="00:1c:c0:fe:6b:6c" srcip="192.168.2.1" dstip="93.103.13.156" proto="6" length="60" tos="0x00" prec="0x00" ttl="60" srcport="18125" dstport="8000" tcpflags="SYN"
  • Still not working. The error in VLC player is your input can't be opened:
    VLC is unable to open the MRL 'http://93.103.13.156:8000/'. Check the log for details.
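
An added example, not part of the original thread: a small Python parser for the full firewall log format quoted above, which groups verdicts per destination and lists destinations whose latest verdict is still the default drop (fwrule 60002, as explained in the thread). The function names are hypothetical, and the sample input is the two full-log lines posted in the thread.

```python
import re
from collections import defaultdict

# Sample input: the two full-log lines quoted in the thread.
SAMPLE_LOG = "\n".join([
    '2016:02:16-18:58:23 kll ulogd[8921]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="ppp0" srcmac="b0:5a:da:cb:1f:d2" dstmac="00:1c:c0:fe:6b:6c" srcip="192.168.2.4" dstip="93.103.13.156" proto="6" length="60" tos="0x00" prec="0x00" ttl="60" srcport="19061" dstport="8000" tcpflags="SYN"',
    '2016:02:20-08:04:52 kll ulogd[4572]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="3" initf="eth0" outitf="ppp0" srcmac="b0:5a:da:cb:1f:d2" dstmac="00:1c:c0:fe:6b:6c" srcip="192.168.2.1" dstip="93.103.13.156" proto="6" length="60" tos="0x00" prec="0x00" ttl="60" srcport="18125" dstport="8000" tcpflags="SYN"',
])

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Per the thread, fwrule="60002" means no firewall rule allowed the packet.
DEFAULT_DROP_RULE = "60002"


def parse_line(line):
    """Return the key="value" fields of one packetfilter line, or None."""
    if 'sub="packetfilter"' not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    fields["timestamp"] = line.split(" ", 1)[0]
    return fields


def rule_verdicts(log_text):
    """Map (dstip, dstport, proto) to its time-ordered (timestamp, action, fwrule) list."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f:
            key = (f.get("dstip", ""), f.get("dstport", ""), f.get("proto", ""))
            flows[key].append((f["timestamp"], f.get("action", ""), f.get("fwrule", "")))
    # Timestamps of the form YYYY:MM:DD-HH:MM:SS sort correctly as strings.
    return {key: sorted(events) for key, events in flows.items()}


def still_default_dropped(log_text):
    """Destinations whose most recent verdict is the default drop."""
    return [key for key, events in rule_verdicts(log_text).items()
            if events[-1][1:] == ("drop", DEFAULT_DROP_RULE)]


if __name__ == "__main__":
    for key, events in rule_verdicts(SAMPLE_LOG).items():
        print(key, events)
    print("still default-dropped:", still_default_dropped(SAMPLE_LOG))
```

An accept verdict only shows that a rule matched the SYN packet; as the last post shows, the stream can still fail to open for other reasons.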