
Port blocked

Hello,

I use Sophos UTM9 VM home edition.

Behind UTM9 I have a Synology box. It serves two purposes:

  • Plex (Port 32400 with HTTPS)
  • Management Web (Port 8443)

I set up the Web Protection for forwarding 443 to 8443 for the Synology box.

  • I also set a NAT rule hitting the Internet facing firewall IP, to forward the request for port 32400 to my NAS box
  • I also set a Firewall rule to allow from Any towards the NAS box for port 32400.

And yet again, my packets are being blocked! I even moved the rule to the top and here is what shows in the log:

2017:03:09-22:46:02 vpn ulogd[5249]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth2" srcmac="60:a3:7d:94:5d:df" dstmac="00:0c:29:54:e7:38" srcip="10.10.3.5" dstip="10.10.2.3" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="64194" dstport="32400" tcpflags="SYN"
2017:03:09-22:46:02 vpn ulogd[5249]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth2" srcmac="60:a3:7d:94:5d:df" dstmac="00:0c:29:54:e7:38" srcip="10.10.3.5" dstip="10.10.2.3" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="64195" dstport="32400" tcpflags="SYN"

Now I don't know which rule 60002 is, but I don't have such a rule and I don't know why it is blocking it.

I am open to ideas!

Thanks guys!

  • Hi,

    60002 is a forward default drop; please reference https://community.sophos.com/kb/en-us/115029

    I believe you might have misconfigured your DNAT rule? But hard to tell without actually seeing it.

    It should be ANY -> Service 32400 -> WAN -> SYNO (leave service empty on destination unless you need to change it).

    Your log seems to be from a VPN connection and not the WAN-side firewall log. If you are doing this on a VPN, remember to allow the VPN IP scope access (firewall allow) to the LAN where the SYNO resides.

    Cheers

  • Word of advice:

    Don't try to do firewall and NAT rules in the middle of the night when you are tired!

    I was pointing to the wrong system.
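To make the reply's point about rule 60002 reproducible, here is an added example (not from the thread or from Sophos) that parses the ulogd packetfilter lines posted above, names the rule as the forward default drop, and groups drops by interface path and destination so the misdirected flow stands out. The sample log is a copy of the two lines from the opening post; the rule-id table only contains 60002, as that is the only id the thread documents.

```python
import re

# Constructed sample: the two ulogd lines from the opening post, verbatim.
SAMPLE_LOG = """2017:03:09-22:46:02 vpn ulogd[5249]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth2" srcmac="60:a3:7d:94:5d:df" dstmac="00:0c:29:54:e7:38" srcip="10.10.3.5" dstip="10.10.2.3" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="64194" dstport="32400" tcpflags="SYN"
2017:03:09-22:46:02 vpn ulogd[5249]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth2" srcmac="60:a3:7d:94:5d:df" dstmac="00:0c:29:54:e7:38" srcip="10.10.3.5" dstip="10.10.2.3" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="64195" dstport="32400" tcpflags="SYN"
"""

# Rule ids explained in the thread (KB 115029). Any other id is assumed to be a user-defined rule.
DEFAULT_RULES = {"60002": "forward default drop (no forward rule matched)"}
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}
_KV = re.compile(r'(\w+)="([^"]*)"')


def parse_ulogd_line(line: str) -> dict:
    """Split one UTM packetfilter line into its key="value" fields plus timestamp and host."""
    head, _, body = line.partition(": ")          # "<ts> <host> ulogd[pid]" : key="value" ...
    fields = dict(_KV.findall(body))
    fields["timestamp"], fields["host"] = head.split(" ")[:2]
    return fields


def explain_drop(fields: dict) -> dict:
    """Reduce a parsed drop record to the facts a rule review needs."""
    proto = PROTO_NAMES.get(fields.get("proto", ""), fields.get("proto", "?"))
    return {
        "rule": fields["fwrule"],
        "reason": DEFAULT_RULES.get(fields["fwrule"], "user-defined rule " + fields["fwrule"]),
        "path": f'{fields["initf"]} -> {fields["outitf"]}',
        "flow": f'{fields["srcip"]}:{fields["srcport"]} -> {fields["dstip"]}:{fields["dstport"]}/{proto}',
        "new_connection": fields.get("tcpflags") == "SYN",   # SYN only: no rule ever allowed the flow
    }


def summarize(log_text: str) -> dict:
    """Count drops per (rule, inbound if, outbound if, dst ip, dst port) so repeats collapse."""
    buckets = {}
    for line in log_text.splitlines():
        if 'action="drop"' not in line:
            continue
        f = parse_ulogd_line(line)
        key = (f["fwrule"], f["initf"], f["outitf"], f["dstip"], f["dstport"])
        buckets[key] = buckets.get(key, 0) + 1
    return buckets


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(explain_drop(parse_ulogd_line(line)))
    print(summarize(SAMPLE_LOG))
```

In the thread's case the path eth0 -> eth2 with a 10.10.x.x source is what reveals the traffic never came from the WAN, so the WAN-side DNAT and allow rules were never consulted.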
