Why are these internal connections blocked?
-
Hi,
I have rules so all internal subnets can communicate freely, but there are always blocks in the firewall log. Can someone please explain that to me? Thanks.
I have to say that the communication between the subnets seems to work somehow, that's why I am wondering where these block messages come from.
I have 2.2_RC Sun 14th build installed.
Can the first blocks (port 445) be because the unit is sleeping? Are these logged as blocks then? And after wake-up there are no more entries. EDIT: This is not the problem, as this happens again and again, but everything seems to work ?!?!
EDIT: Removed the pics as they somehow had clear IPs in them, and for me this is solved. Sorry, next time I'll photoshop out my IPs.
-
Out-of-state packets. Something is sending packets after the conversation is supposedly closed, and those packets are blocked. If you click on the red X at the far left, it will tell you that the packet was blocked by the Default deny rule IPv4.
-
Ok thanks, so everything seems to be ok so far, right?
-
So there seems to be a question about out of state like every day or so ;) Might have fewer questions if the firewall out of the box just didn't show those sorts of blocks ;)
-
The big question for me now is: Why can't I stop this from logging with this rule?
-
So there seems to be a question about out of state like every day or so ;)
I posted something in General a few weeks ago complaining about the same issue. I think JimP replied but the issue wasn't settled.
-
That is not blocking out of state, that would block SYN packets.
You would have to create a rule that blocks traffic with specific flags set, not SYN, or you would be blocking new traffic. Traffic should be allowed above the rule for new traffic, and then after that the states should allow it through. So if you set, say, flags of PUSH and ACK on your flags, or that last one is RST and ACK - if state did not let it in, you could block it with such a rule.
Your rule is also saying that the source is 445. In your log the dest is 445, and the source is 50385 (random above 1024). Your rule also says the source is LAN net, but in your log the interface is vpnlan. So even if you were blocking based on flags, that rule seems to be on the wrong interface, with the wrong direction and ports, etc.
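Added example (not part of this thread or of pfSense): a small model of the flag matching the reply above describes. It implements pf-style `check/mask` TCP flag tests, classifies each logged block as a new connection attempt (`S/SA`) or an out-of-state leftover, and shows which entries a non-logging block rule with `PA/PA` / `RA/RA` flags would silence and why a plain `S/SA` rule would instead catch the new connections. The log lines are constructed and use a simplified 8-field CSV layout, not the real filterlog format; the interface name `vpnlan` and the addresses are placeholders.

```python
"""
Model of pf-style TCP flag matching against firewall block log entries.

Assumptions (not stated in the thread):
  * Log lines are a constructed, simplified CSV:
      interface,action,proto,src,sport,dst,dport,tcpflags
    (the real pfSense filterlog format has many more fields).
  * Flag letters follow pf's convention: S=SYN A=ACK F=FIN R=RST P=PSH U=URG.
  * A rule's flag spec is written pf-style as "check/mask": every flag in
    `mask` is examined; those in `check` must be set, the rest of `mask` clear.
"""
from dataclasses import dataclass

FLAG_LETTERS = set("SAFRPU")


@dataclass
class Entry:
    iface: str
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def parse_line(line: str) -> Entry:
    """Parse one constructed log line; reject malformed lines instead of guessing."""
    f = line.strip().split(",")
    if len(f) != 8:
        raise ValueError(f"expected 8 fields, got {len(f)}: {line!r}")
    flags = f[7].upper()
    bad = set(flags) - FLAG_LETTERS
    if bad:
        raise ValueError(f"unknown TCP flag letters {sorted(bad)} in {line!r}")
    return Entry(f[0], f[1], f[2], f[3], int(f[4]), f[5], int(f[6]), flags)


def flags_match(packet_flags: str, spec: str) -> bool:
    """pf-style 'check/mask' test; 'any' matches every packet."""
    if spec == "any":
        return True
    check, _, mask = spec.partition("/")
    check, mask = set(check.upper()), set(mask.upper())
    if not check <= mask:
        raise ValueError(f"check flags must be a subset of mask: {spec}")
    pkt = set(packet_flags)
    # each masked flag must be set exactly when it is listed in check
    return all((fl in pkt) == (fl in check) for fl in mask)


def classify(entry: Entry) -> str:
    """New connection attempt (SYN only) vs. packet for which no state existed."""
    if entry.proto != "tcp":
        return "non-tcp"
    if flags_match(entry.flags, "S/SA"):
        return "new-connection"
    return "out-of-state"


def still_logged(entries, iface, no_log_specs):
    """Entries the default-deny log would still show if non-logging block rules
    with the given flag specs sat on `iface` below the pass rule for new traffic."""
    kept = []
    for e in entries:
        silenced = (e.iface == iface and e.proto == "tcp"
                    and any(flags_match(e.flags, s) for s in no_log_specs))
        if not silenced:
            kept.append(e)
    return kept


# Constructed sample: PSH/ACK and RST/ACK stragglers on port 445 (the thread's
# case), one genuine new SYN, and a FIN/ACK straggler on a different interface.
SAMPLE_LOG = """\
vpnlan,block,tcp,192.0.2.10,50385,198.51.100.5,445,PA
vpnlan,block,tcp,198.51.100.5,445,192.0.2.10,50385,RA
vpnlan,block,tcp,192.0.2.10,50386,198.51.100.5,445,S
lan,block,tcp,192.0.2.20,40000,198.51.100.5,445,FA
"""


def demo():
    entries = [parse_line(l) for l in SAMPLE_LOG.splitlines()]
    for e in entries:
        print(f"{e.iface:7} {e.src}:{e.sport} -> {e.dst}:{e.dport} "
              f"flags={e.flags:3} {classify(e)}")
    # Rule the reply suggests: silence PSH/ACK and RST/ACK leftovers on vpnlan.
    print("PA/PA + RA/RA leaves:", [e.flags for e in still_logged(entries, "vpnlan", ["PA/PA", "RA/RA"])])
    # Rule the poster built (default S/SA): silences the new SYN, not the leftovers.
    print("S/SA leaves:        ", [e.flags for e in still_logged(entries, "vpnlan", ["S/SA"])])


if __name__ == "__main__":
    demo()
```

The point of the model: a pf TCP rule that gives no flags uses the documented default `S/SA`, so it matches only connection attempts; a non-logging block rule meant to hide out-of-state stragglers must name the flags those packets actually carry (`PA/PA`, `RA/RA`, or `any` if it sits below the pass rule), and it must be on the interface and in the direction the logged entries show.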
-
You were looking in the first post for the log and the rule, but I put another log with one line into the last post, where I also put the rule (Event.jpg).
For this log it is the right rule and port side, I have that from both NICs vice versa. But thank you for your explanation.