Blocked Connections



  • Hi,

    I am not sure, if it is fully related to the topic/thread, but I would not open an extra thread or double post:

    I am using:
    2.0-RC1 (amd64) built on Fri Apr 15 00:19:55 EDT 2011
    4GB RAM
    Intel(R) Xeon(R) CPU E5506 @ 2.13GHz

    The firewall Log show, that there were blocked connections from hosts which should be allowed to pass.
    Why is this happening ?






  • @Nachtfalke:

    The firewall Log show, that there were blocked connections from hosts which should be allowed to pass.
    Why is this happening ?

    You haven't provided enough information. Please explain why you think your rules should have allowed the logged packets. The first log entry doesn't match the first LAN firewall rule and probably doesn't match the second LAN firewall rule.


  • Rebel Alliance Developer Netgate

    I split the topic because it was completely unrelated to the other thread. When in doubt, start a new thread.



  • @wallabybob:

    @Nachtfalke:

    The firewall Log show, that there were blocked connections from hosts which should be allowed to pass.
    Why is this happening ?

    You haven't provided enough information. Please explain why you think your rules should have allowed the logged packets. The first log entry doesn't match the first LAN firewall rule and probably doesn't match the second LAN firewall rule.

    I am sorry. I corrected the firewall_log picture above.
    The firewall rules you can see on the other picture are all my rules. there are no other rules on the interface LAN and TESTLAN.

    Interface LAN has:
    172.17.0.1/22

    Interface TESTLAN has:
    172.17.4.1/22

    Which other information do you need ?



  • Using the KISS approach try removing the aliases and using the subnet range directly in CIDR notation just to rule out anything strange in the network aliases.



  • Just to make clear. This are the "system made" Aliases and not my own. But I will try it in CIDR.

    I have to add, that these IPs above weren't blocked all the time. In general it works but sometimes they get blocked.
    So it is a little bit hard to try out. Could this be because of squid restarting process or if I applied other firewall rules on another interface ?



  • Is it not because of the RA flags? I get these from time to time as well, it does not interfere with traffic for me. Are you having any visible issues with the clients, such as not able to browse a website?



  • @heavy1metal:

    Is it not because of the RA flags? I get these from time to time as well, it does not interfere with traffic for me. Are you having any visible issues with the clients, such as not able to browse a website?

    Some users told me, that it works in general without any problem.
    But from time to time there is a short lag and browsing doesn't respond as fast as generally.

    I change the firewall optimization options from normal to conservative but without luck.

    What does the TCP_RA flag mean ? Could you explain that to me, please ?



  • I'm not fully sure, but I remember reading somewhere about half-open connections being blocked by default. What the RA stands for is A for ack(acknowledge) and rst(reset). This is a packet sent to restart the TCP transmission. This is considered a half-open connection.

    I'm still in the learning phase so I'm definitely not 100% on this, but I do know I get the same packets blocked from time to time. One possibility is the connection with whatever IP has already been dropped and the computer is still sending this packet without a state.





  • Great!

    Now I know, this is not responsible for the lag of response while surfing the web which several users reported to me. I will try an actual snapshot and create a new thread if I cannot resolve the problem on my own.

    Thanks!


Locked