2.3 release -> Firewall rules not working
-
I have a VPN working very fine between my notebook and my home network. But this VPN has some rules to allow access for just some ports and was working fine with the 2.2.6 release…. Now with the 2.3 release, every edit of existing rules for the VPN has no effect... For example, if I edit an existing rule to add a new host or delete a host, using an alias, to permit ping (ICMP), nothing happens (Figure: rule.png and ping.png). I don't know if it is a bug or I am doing something wrong!
VPN network: 192.168.52.0/24
Monitor (notebook): 192.168.52.2/24 (VPN) and 192.168.25.11/24 (network)
Rede_monitorada: 192.168.5.1/32, 192.168.5.2/32
-
While you have that ping to 192.168.5.2 running, go to Diag>States, and filter for 192.168.5.2. See a state there?
-
@cmb:
> While you have that ping to 192.168.5.2 running, go to Diag>States, and filter for 192.168.5.2. See a state there?
States
WAN ipv6-icmp ff02::1[16448] <- fe80::2273:55ff:fee6:2711[16448] NO_TRAFFIC:NO_TRAFFIC 9.196 K / 0 1.26 MiB / 0 B
WAN icmp 192.168.0.2:2662 -> 192.168.0.1:2662 0:0 54.794 K / 54.794 K 1.46 MiB / 1.46 MiB
VPN_PROVIDER icmp 10.105.1.6:2853 -> 10.105.1.5:2853 0:0 54.807 K / 0 1.46 MiB / 0 B
ovpns4 icmp 192.168.5.1:64370 <- 192.168.52.2:64370 0:0 17 / 17 1 KiB / 1 KiB
Nothing to 192.168.5.2, just to 192.168.5.1
![Diag state.png](/public/imported_attachments/1/Diag state.png)
-
Seeing it blocked in the firewall log?
Go to Diag>Tables and pick that alias from the drop down, does its contents look correct?
-
@cmb:
> Seeing it blocked in the firewall log?
> Go to Diag>Tables and pick that alias from the drop down, does its contents look correct?
Looking at the log, the firewall is not blocking…
The table is correct.
Rede_monitorada Table
IP Address
192.168.5.1
192.168.5.2
192.168.5.12
192.168.5.251
192.168.5.252
192.168.5.254
I just made another test, changing the IP of the monitor alias to 192.168.52.6 and 192.168.0.11, and it was like I hadn't done anything: I can still ping and connect to other machines, except the .2