hi all,
i'm new to utm9. been using it for a couple of weeks, and have gotten myself to a pretty good spot mostly due to the awesome history of forum interaction related to issues i've encountered. i've run into a problem that i can't quite clear up, however, so i'd appreciate your input. (noting of course that this is likely not a "problem" so much as a configuration issue) :)
firewall is logging the following entries repeatedly:
2017:05:07-00:05:59 mrclean ulogd[558]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth2" srcmac="" srcip="10.10.2.104" dstip="10.10.2.1" proto="17" length="328" tos="0x00" prec="0x00" ttl="64" srcport="68" dstport="67"
...where 10.10.2.104 is the (dynamic) IP of my failover WAN, and 10.10.2.1 is the default gateway of the same failover WAN.
other pertinent information is as follows:
- external WAN is up and running at <ISP_IP>/23, main internal interface is good to go at 10.10.1.1/24
- failover WAN is up and running at 10.10.2.104/24, with this address being served by DHCP on secondary WAN (note: this is a dd-wrt router configured in client mode)
- uplink balancing is setup between external WAN and failover WAN, with the latter in standby (i've seen it suggested to have both in active interfaces with a 100/0 weight, but this seems to be working)
- no link aggregation or multipath, this setup is intended for redundancy only
- dns service set to answer internal IP, forwarders setup using availability group of 2 (external, 3rd party) DNS servers, "use forwarders assigned by ISP" unchecked
- dhcp service is up for internal, answering range 10.10.1.1/24
- firewall set for internal -> any -> any ipv4
- masquerading set for internal (network) -> uplink interfaces (both external WAN and failover WAN)
- SNAT rule setup for internal (network) -> any -> failover (WAN) (network), source translation failover (WAN) (address), automatic firewall rule [[to access dd-wrt without needing to activate remote access]]
all connectivity is functioning as desired. i've tried creating a number of new firewall rules--if even to stop logging these drops--using various scenarios including specifying the 10.10.2.1 gateway as specific host, allowing all/all/all, and quite a few other configurations. i'm hoping someone spots an obvious flub in my configuration and has something to suggest. guessing this has to do with dhcp traversal attempts between the two subnets but i can't figure out what is occurring, specifically.
This thread was automatically locked due to age.
