Java downloads not getting through despite Allow All rule



  • We have some software that tries to download a Java package every time it is opened. If I disable the firewall completely, the download works fine. If the firewall is enabled, the download fails. I've tested by creating an Allow All rule on the LAN interface and disabling all other outbound rules with no success. I've disabled all add-on packages (squid, snort, etc.) with no success. The only thing that works is to disable the firewall in System\Advanced\Firewall. This is a very simple setup. Single LAN interface and single WAN interface.


  • Netgate Administrator

    You have public IPs on the LAN then? That would also disable NAT which usually prevents everything working.

    The only thing I can suggest there is disabling pf-scrub on that same page. If that software is generating packets that are somehow scrubbed and break, that would do it. That's usually a sign the software is doing something wrong though.

    Steve



  • I'm sorry, I failed to mention that this firewall is running in transparent mode. I tried disabling PFScrub, but no luck. Strange thing is, there are a handful of computers that the software works on, and, on a very rare occasion, one of the computers that we are having trouble with will connect. 99% of the time, though, it will not.



  • @jenningsb said in Java downloads not getting through despite Allow All rule:

    We have some software that tries to download a Java package every time it is opened. If I disable the firewall completely, the download works fine. If the firewall is enabled, the download fails. I've tested by creating an Allow All rule on the LAN interface and disabling all other outbound rules with no success. I've disabled all add-on packages (squid, snort, etc.) with no success. The only thing that works is to disable the firewall in System\Advanced\Firewall. This is a very simple setup. Single LAN interface and single WAN interface.

    When you disabled Snort, did you go into the BLOCKED tab and flush all the blocked IP addresses? Simply turning off Snort will not remove any previously Snort-blocked IP addresses.