Netgate Discussion Forum
    Fresh Build, disabled LAN to Any Rule, Added allow rules but no internet, HELP !

    Firewalling
      DigitalDick

      Hi All,

      I have done a fresh install, config is…

      EE BrightBox 2 VDSL Modem
      No bridging available, ISP is dynamic, LAN is set to static 192.168.48.1.7. DMZ set to 192.158.48.7. DHCP disabled, NAT enabled (when I disabled it, no internet access), firewall off.

      i3 PC with Dual Intel Pro MT 1000
      Fresh Build, WAN from BrightBox 2, LAN on 192.168.1.1

      In the image attached, when I disable the default allow lan to any rule, the other rules do not allow me access to the internet.

      Any ideas? If any other information is needed please let me know. I have spent hours on this and am losing the will to live :( haha!

      Thanks,
      Rich

      (attachment: RULES.JPG)

        DigitalDick

        Also the rules above are set on the LAN, not WAN.

        Below is the packet capture when the default LAN to all rule is disabled:

        19:51:07.072035 IP 192.168.1.13.1547 > 159.122.90.118.5938: tcp 24
        19:51:07.144595 IP 159.122.90.118.5938 > 192.168.1.13.1547: tcp 0
        19:51:09.406938 IP 192.168.1.13.53676 > 192.168.1.1.53: UDP, length 34
        19:51:09.614069 IP 192.168.1.13.53676 > 192.168.1.1.53: UDP, length 34
        19:51:10.603249 IP 192.168.1.13.53676 > 192.168.1.1.53: UDP, length 34
        19:51:12.592727 IP 192.168.1.13.53676 > 192.168.1.1.53: UDP, length 34
        19:51:13.965185 IP 192.168.1.13.64943 > 157.56.106.189.3544: UDP, length 61
        19:51:14.052363 IP 157.56.106.189.3544 > 192.168.1.13.64943: UDP, length 109
        19:51:14.644022 IP 208.123.73.18.443 > 192.168.1.13.1860: tcp 31
        19:51:14.644145 IP 208.123.73.18.443 > 192.168.1.13.1860: tcp 0
        19:51:14.644271 IP 208.123.73.18.443 > 192.168.1.13.1866: tcp 31
        19:51:14.644395 IP 208.123.73.18.443 > 192.168.1.13.1866: tcp 0
        19:51:14.659535 IP 192.168.1.13.1860 > 208.123.73.18.443: tcp 0
        19:51:14.660034 IP 192.168.1.13.1860 > 208.123.73.18.443: tcp 0
        19:51:14.660041 IP 192.168.1.13.1866 > 208.123.73.18.443: tcp 0
        19:51:14.679002 IP 208.123.73.18.443 > 192.168.1.13.1864: tcp 31
        19:51:14.679125 IP 208.123.73.18.443 > 192.168.1.13.1864: tcp 0
        19:51:14.679376 IP 208.123.73.18.443 > 192.168.1.13.1867: tcp 31
        19:51:14.679500 IP 208.123.73.18.443 > 192.168.1.13.1867: tcp 0
        19:51:14.679625 IP 208.123.73.18.443 > 192.168.1.13.1865: tcp 31
        19:51:14.679750 IP 208.123.73.18.443 > 192.168.1.13.1865: tcp 0
        19:51:14.681647 IP 192.168.1.13.1864 > 208.123.73.18.443: tcp 0
        19:51:14.682272 IP 192.168.1.13.1864 > 208.123.73.18.443: tcp 0
        19:51:14.682278 IP 192.168.1.13.1867 > 208.123.73.18.443: tcp 0
        19:51:14.682896 IP 192.168.1.13.1865 > 208.123.73.18.443: tcp 0
        19:51:14.683396 IP 192.168.1.13.1865 > 208.123.73.18.443: tcp 0
        19:51:14.769699 IP 208.123.73.18.443 > 192.168.1.13.1863: tcp 31
        19:51:14.769823 IP 208.123.73.18.443 > 192.168.1.13.1863: tcp 0
        19:51:14.773469 IP 192.168.1.13.1863 > 208.123.73.18.443: tcp 0
        19:51:14.774093 IP 192.168.1.13.1863 > 208.123.73.18.443: tcp 0
        19:51:16.590047 IP 192.168.1.13.53676 > 192.168.1.1.53: UDP, length 34
        19:51:17.582475 ARP, Request who-has 192.168.1.1 (00:24:81:81:df:31) tell 192.168.1.13, length 46
        19:51:17.582480 ARP, Reply 192.168.1.1 is-at 00:24:81:81:df:31, length 28

          Derelict (Netgate)

          Yeah. Don't set source ports on your rules. Notice the random nature of the source ports in your capture?

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            DigitalDick

            Hi,

            Thanks for the reply. I have done what you said and re-created the rules, however it is still not working. Below is a packet capture:

            08:54:50.126059 IP 192.168.1.13.1815 > 192.168.1.1.443: tcp 0
            08:54:50.126100 IP 192.168.1.1.443 > 192.168.1.13.1815: tcp 0
            08:54:50.126103 IP 192.168.1.13.1816 > 191.232.139.180.443: tcp 0
            08:54:50.127680 IP 192.168.1.13.1815 > 192.168.1.1.443: tcp 0
            08:54:50.128304 IP 192.168.1.13.1815 > 192.168.1.1.443: tcp 196
            08:54:50.128318 IP 192.168.1.1.443 > 192.168.1.13.1815: tcp 0
            08:54:50.130476 IP 192.168.1.1.443 > 192.168.1.13.1815: tcp 1460
            08:54:50.130481 IP 192.168.1.1.443 > 192.168.1.13.1815: tcp 389
            08:54:50.130802 IP 192.168.1.13.1817 > 191.232.139.180.443: tcp 0
            08:54:50.132177 IP 192.168.1.13.1815 > 192.168.1.1.443: tcp 0
            08:54:50.136800 IP 192.168.1.13.1815 > 192.168.1.1.443: tcp 0
            08:54:50.136811 IP 192.168.1.1.443 > 192.168.1.13.1815: tcp 0
            08:54:50.136858 IP 192.168.1.1.443 > 192.168.1.13.1815: tcp 0
            08:54:50.138798 IP 192.168.1.13.1815 > 192.168.1.1.443: tcp 0
            08:54:51.126729 IP 192.168.1.13.1816 > 191.232.139.180.443: tcp 0
            08:54:51.142595 IP 192.168.1.13.1817 > 191.232.139.180.443: tcp 0
            08:54:52.017469 IP 192.168.1.13.1814 > 134.170.58.118.443: tcp 0
            08:54:52.955174 IP 192.168.1.13.1784 > 87.237.19.20.80: tcp 553
            08:54:52.971290 IP 192.168.1.13.1818 > 87.237.19.39.443: tcp 0
            08:54:52.982845 IP 87.237.19.20.80 > 192.168.1.13.1784: tcp 500
            08:54:52.984532 IP 192.168.1.13.1784 > 87.237.19.20.80: tcp 0
            08:54:52.986281 IP 192.168.1.13.1819 > 87.237.19.39.443: tcp 0
            08:54:53.127200 IP 192.168.1.13.1816 > 191.232.139.180.443: tcp 0
            08:54:53.158182 IP 192.168.1.13.1817 > 191.232.139.180.443: tcp 0
            08:54:53.486119 IP 192.168.1.13.1809 > 52.1.243.194.443: tcp 0
            08:54:53.891136 IP 192.168.1.13.1820 > 87.237.19.34.80: tcp 0
            08:54:53.900937 IP 87.237.19.34.80 > 192.168.1.13.1820: tcp 0
            08:54:53.902627 IP 192.168.1.13.1820 > 87.237.19.34.80: tcp 0
            08:54:53.903252 IP 192.168.1.13.1820 > 87.237.19.34.80: tcp 553
            08:54:53.913553 IP 87.237.19.34.80 > 192.168.1.13.1820: tcp 0
            08:54:53.928919 IP 87.237.19.34.80 > 192.168.1.13.1820: tcp 500
            08:54:53.930486 IP 192.168.1.13.1820 > 87.237.19.34.80: tcp 0
            08:54:53.932110 IP 192.168.1.13.1821 > 87.237.19.34.443: tcp 0
            08:54:53.986455 IP 192.168.1.13.1810 > 40.77.226.250.443: tcp 0
            08:54:53.986462 IP 192.168.1.13.1818 > 87.237.19.39.443: tcp 0
            08:54:53.986468 IP 192.168.1.13.1819 > 87.237.19.39.443: tcp 0
            08:54:54.939906 IP 192.168.1.13.1821 > 87.237.19.34.443: tcp 0
            08:54:55.439744 IP 192.168.1.13.1813 > 104.81.3.148.443: tcp 0
            08:54:55.541683 IP 192.168.1.13.59294 > 192.168.1.1.53: UDP, length 34
            08:54:55.550491 IP 192.168.1.1.53 > 192.168.1.13.59294: UDP, length 202
            08:54:55.553426 IP 192.168.1.13.1822 > 31.13.90.36.443: tcp 0
            08:54:55.553434 IP 192.168.1.13.1823 > 31.13.90.36.443: tcp 0
            08:54:55.986677 IP 192.168.1.13.1818 > 87.237.19.39.443: tcp 0
            08:54:55.986687 IP 192.168.1.13.1819 > 87.237.19.39.443: tcp 0
            08:54:56.565094 IP 192.168.1.13.1822 > 31.13.90.36.443: tcp 0
            08:54:56.565102 IP 192.168.1.13.1823 > 31.13.90.36.443: tcp 0
            08:54:56.940502 IP 192.168.1.13.1821 > 87.237.19.34.443: tcp 0
            08:54:58.018256 IP 192.168.1.13.1814 > 134.170.58.118.443: tcp 0
            08:54:58.550074 ARP, Request who-has 192.168.1.1 (00:24:81:81:df:31) tell 192.168.1.13, length 46
            08:54:58.550083 ARP, Reply 192.168.1.1 is-at 00:24:81:81:df:31, length 28
            08:54:58.565439 IP 192.168.1.13.1822 > 31.13.90.36.443: tcp 0
            08:54:58.565446 IP 192.168.1.13.1823 > 31.13.90.36.443: tcp 0
            08:54:59.988369 IP 192.168.1.13.1824 > 87.237.19.25.443: tcp 0
            08:54:59.988380 IP 192.168.1.13.1825 > 87.237.19.25.443: tcp 0

            I have also attached the firewall log and the firewall rule.

            Any other ideas please?

            (attachments: C1.JPG, R1.JPG)

              Derelict (Netgate)

              What rule does it say is blocking those connections to port 443 when you click the red X in the firewall log?

              (If that firewall log is an example of what happens when you have the default rule disabled, you are only passing 443 from source any to destination LAN net because you have the source and destination networks backwards. When you look at what you posted, isn't that pretty obvious?)


                DigitalDick
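              To make Derelict's two points concrete, here is an added example (not from the thread, and not pfSense code) that models LAN rules as first-match with a default deny and runs the three rule variants over outbound SYNs copied from the capture above. The /24 for "LAN net" and the exact shape of the two failed rules are assumptions reconstructed from the replies, since the screenshots are not on the page.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# The first post puts LAN on 192.168.1.1, so "LAN net" is assumed to be this /24.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")

@dataclass
class Rule:
    """One pass rule on the LAN interface; None means 'any'."""
    src: Optional[ipaddress.IPv4Network]
    sport: Optional[int]
    dst: Optional[ipaddress.IPv4Network]
    dport: Optional[int]

    def matches(self, s_ip, s_port, d_ip, d_port) -> bool:
        return ((self.src is None or s_ip in self.src)
                and (self.sport is None or s_port == self.sport)
                and (self.dst is None or d_ip in self.dst)
                and (self.dport is None or d_port == self.dport))

# Parses the tcpdump-style TCP lines pasted in the thread.
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): tcp")

def parse(line):
    m = LINE.search(line)
    return (ipaddress.ip_address(m[1]), int(m[2]),
            ipaddress.ip_address(m[3]), int(m[4])) if m else None

def evaluate(rules, pkt):
    """pfSense evaluates rules first-match; no match means the default deny applies."""
    return "pass" if any(r.matches(*pkt) for r in rules) else "block"

# Constructed excerpt: outbound SYNs from the second capture in the thread.
CAPTURE = [
    "08:54:50.126103 IP 192.168.1.13.1816 > 191.232.139.180.443: tcp 0",
    "08:54:50.126059 IP 192.168.1.13.1815 > 192.168.1.1.443: tcp 0",
    "08:54:55.553426 IP 192.168.1.13.1822 > 31.13.90.36.443: tcp 0",
]

# Rule variants reconstructed from Derelict's replies (assumed; screenshots are not on the page).
SOURCE_PORT_RULE = [Rule(LAN_NET, 443, None, 443)]  # source port pinned to 443
BACKWARDS_RULE = [Rule(None, None, LAN_NET, 443)]   # src and dst networks swapped
CORRECT_RULE = [Rule(LAN_NET, None, None, 443)]     # LAN net, any source port, to any:443

def verdicts(rules):
    return [evaluate(rules, parse(line)) for line in CAPTURE]
```

              The pinned-source-port rule blocks everything because the client picks ephemeral source ports (1815, 1816, 1822); the swapped rule passes only the connection to 192.168.1.1:443, the pfSense web GUI, which is exactly the one that gets replies in the capture while the SYNs to public :443 hosts are just retransmitted.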

                Hi,

                The rule blocking it is attached.

                I'm new to firewalling and hence asking the questions. If you could explain where I'm going wrong and how to interpret the log better, please feel free to tell me, as I'm losing the will to live :( haha

                Thanks again :)

                (attachment: LOG1.JPG)

                  DigitalDick

                  Hi,

                  Sussed it, rule 443 was as you said, now it's working :)

                  Thanks,
                  Rich

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.