Unable to ping or tracert to one specific external IP from one of 4 SG3100s
-
I have 4 locations all using the SG3100 running 23.01-RELEASE (arm) built on Fri Feb 10 20:06:58 UTC 2023 FreeBSD 14.0-CURRENT, all use the same ISP. We are moving to a new telephone provider. The SIP server is at 209.183.174.20. Three of the units can connect; running ping and tracert from a network PC or the GUI to 209.183.174.20 returns fine. One of the units can't connect; running ping and tracert from a network PC or the GUI to 209.183.174.20 thru that unit fails 100%. I have configured a laptop with the same static IP, plugged directly into the ISP modem, and it works, so it's not a blacklist / whitelist situation. That one unit can ping and tracert to all other domains and IPs that I have tried. The issue is specific to this IP and this unit. The problem is in the SG3100 at that location. All locations are configured the same, run VPN site to site etc. I have looked thru all settings and compared unit to unit and I just do not see what could be causing this. Nothing in any of the logs, all firewall rules are the same. Any thoughts would be greatly appreciated.
-
@apothecaryjohn
Run a packet capture on the WAN while you try to access the concerned IP from inside your network.
The packets should look like
your WAN address > 209.183.174.20
If so and you don't see response packets like
209.183.174.20 > your WAN address
all might be well on your site. The issue must be in the ISP's network then.
-
I ran the packet capture as you suggested, I do not see any listing of the affected IP 209.183.174.20 in the output?
-
@apothecaryjohn
If there is nothing, it must either be translated (DNAT, port forwarding), blocked inside, for instance by pfBlocker, or it is routed to another gateway.
-
I found the culprit; why it only has been on this one unit, I can't explain. It was being blocked by Snort.
140:20
(spp_sip) Invite replay attack
Disabled the rule and it has resolved fine. All 4 units run Snort, only this one has had an issue.
Thank you for your help.
John
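
An added example, not part of the thread above: when a capture on the WAN shows no packets for an address, one quick check is to search the IDS alert log for that address and see which rule (GID:SID) fired. The sketch below parses Snort "fast" format alert lines; the log lines, the WAN address 203.0.113.10 and the rule revision are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Snort "fast" alert line:
#   timestamp [**] [gid:sid:rev] message [**] [optional fields] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def host_of(endpoint):
    """Strip a trailing :port from an IPv4 endpoint (IPv6 is returned unchanged)."""
    return endpoint.rsplit(":", 1)[0] if endpoint.count(":") == 1 else endpoint

def alerts_for_ip(lines, ip):
    """Return parsed alerts whose source or destination host is exactly ip."""
    hits = []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # blank line or not a fast-format alert
        if ip in (host_of(m["src"]), host_of(m["dst"])):
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Count alerts per (gid:sid, message) so the responsible rule stands out."""
    return Counter((f'{h["gid"]}:{h["sid"]}', h["msg"]) for h in hits)

# Constructed sample alert lines (not taken from the thread).
SAMPLE_LOG = """\
03/14-09:12:01.104233  [**] [140:20:1] (spp_sip) Invite replay attack [**] [Priority: 2] {UDP} 209.183.174.20:5060 -> 203.0.113.10:5060
03/14-09:12:07.550871  [**] [140:20:1] (spp_sip) Invite replay attack [**] [Priority: 2] {UDP} 209.183.174.20:5060 -> 203.0.113.10:5060
03/14-09:13:40.002915  [**] [1:1000001:1] Constructed unrelated alert [**] [Priority: 3] {TCP} 198.51.100.7:44321 -> 203.0.113.10:443
"""

if __name__ == "__main__":
    hits = alerts_for_ip(SAMPLE_LOG.splitlines(), "209.183.174.20")
    for (rule, msg), count in summarize(hits).most_common():
        print(f"{count:3d}  {rule:10s} {msg}")
```

Running the same summary on each unit's alert log shows whether the rule is firing on only one of them, which is the comparison the thread ends on.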