Author Topic: Zentyal 2.2: FW drops packets  (Read 3703 times)

christian

  • Guest
Zentyal 2.2: FW drops packets
« on: January 09, 2014, 02:07:37 pm »
Are you guys facing a similar issue?

Note that I applied (system) updates a couple of hours ago but haven't rebooted yet.

Code:
Jan  9 14:00:53 igws kernel: [2950047.420472] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.1 DST=132.163.4.101 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=40213 DF PROTO=UDP SPT=55660 DPT=123 LEN=56 MARK=0x2
Jan  9 14:01:23 igws kernel: [2950077.430901] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.1 DST=132.163.4.101 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=43214 DF PROTO=UDP SPT=55080 DPT=123 LEN=56 MARK=0x2
Jan  9 14:01:54 igws kernel: [2950107.597145] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.1 DST=128.138.141.172 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=46229 DF PROTO=UDP SPT=44854 DPT=123 LEN=56 MARK=0x2
Jan  9 14:01:57 igws kernel: [2950110.594229] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.1 DST=128.138.141.172 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=46529 DF PROTO=UDP SPT=42684 DPT=123 LEN=56 MARK=0x2
Jan  9 14:02:27 igws kernel: [2950140.611589] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.1 DST=128.138.141.172 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=49528 DF PROTO=UDP SPT=41599 DPT=123 LEN=56 MARK=0x2
Jan  9 14:02:57 igws kernel: [2950170.622138] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.1 DST=128.138.141.172 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=52529 DF PROTO=UDP SPT=57239 DPT=123 LEN=56 MARK=0x2
Jan  9 14:03:27 igws kernel: [2950200.632354] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.1 DST=128.138.141.172 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=55530 DF PROTO=UDP SPT=43928 DPT=123 LEN=56 MARK=0x2
Jan  9 14:03:57 igws kernel: [2950230.635321] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.1 DST=128.138.141.172 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=58529 DF PROTO=UDP SPT=52746 DPT=123 LEN=56 MARK=0x2
Jan  9 14:04:27 igws kernel: [2950260.652969] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.1 DST=128.138.141.172 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=61528 DF PROTO=UDP SPT=59623 DPT=123 LEN=56 MARK=0x2

christian

  • Guest
Re: Zentyal 2.2: FW dropping packets
« Reply #1 on: January 09, 2014, 02:29:04 pm »
A reboot doesn't fix the issue, which is not related only to NTP, nor only to LAN-to-Internet or Zentyal-to-Internet traffic. Here is an extract, after reboot, showing packets from LAN to Zentyal being dropped too:

Code:
Jan  9 14:25:32 igws kernel: [  266.361053] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:e0:cb:4e:09:2d:fb:08:00 SRC=192.168.10.42 DST=192.168.10.252 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=375 DF PROTO=TCP SPT=54491 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x2
Jan  9 14:25:32 igws kernel: [  266.369025] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:e0:cb:4e:09:2d:fb:08:00 SRC=192.168.10.42 DST=192.168.10.252 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=376 DF PROTO=TCP SPT=54490 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x2
Jan  9 14:25:46 igws kernel: [  280.074115] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.39 DST=23.50.177.224 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=21114 DF PROTO=TCP SPT=65511 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x2
Jan  9 14:25:53 igws kernel: [  287.342461] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:c4:85:08:39:ea:d1:08:00 SRC=192.168.10.30 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=561 DF PROTO=TCP SPT=56168 DPT=1443 WINDOW=16102 RES=0x00 ACK FIN URGP=0 MARK=0x2
Jan  9 14:25:56 igws kernel: [  289.710271] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:c4:85:08:39:ea:d1:08:00 SRC=192.168.10.30 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=582 PROTO=UDP SPT=53518 DPT=5351 LEN=20 MARK=0x2
Jan  9 14:25:56 igws kernel: [  289.958551] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:c4:85:08:39:ea:d1:08:00 SRC=192.168.10.30 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=583 PROTO=UDP SPT=53518 DPT=5351 LEN=20 MARK=0x2
Jan  9 14:25:56 igws kernel: [  290.458538] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:c4:85:08:39:ea:d1:08:00 SRC=192.168.10.30 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=584 PROTO=UDP SPT=53518 DPT=5351 LEN=20 MARK=0x2
Jan  9 14:25:57 igws kernel: [  291.458518] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:c4:85:08:39:ea:d1:08:00 SRC=192.168.10.30 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=585 PROTO=UDP SPT=53518 DPT=5351 LEN=20 MARK=0x2

christian

  • Guest
Re: Zentyal 2.2: FW drops packets
« Reply #2 on: January 09, 2014, 06:06:46 pm »
Interestingly enough: Zentyal is now dropping packets from LAN to the proxy (port 3128)  :o

Code:
Jan  9 17:53:23 igws kernel: [12737.414894] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=13992 DF PROTO=TCP SPT=49677 DPT=3128 WINDOW=16330 RES=0x00 ACK FIN URGP=0 MARK=0x2
Jan  9 17:53:23 igws kernel: [12737.414950] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=13993 DF PROTO=TCP SPT=49675 DPT=3128 WINDOW=16341 RES=0x00 ACK FIN URGP=0 MARK=0x2
Jan  9 17:53:28 igws kernel: [12742.214962] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14070 DF PROTO=TCP SPT=49677 DPT=3128 WINDOW=16330 RES=0x00 ACK FIN URGP=0 MARK=0x2
Jan  9 17:53:28 igws kernel: [12742.215016] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14071 DF PROTO=TCP SPT=49675 DPT=3128 WINDOW=16341 RES=0x00 ACK FIN URGP=0 MARK=0x2
Jan  9 17:53:28 igws kernel: [12742.215935] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14072 DF PROTO=TCP SPT=49676 DPT=3128 WINDOW=16341 RES=0x00 ACK FIN URGP=0 MARK=0x2
Jan  9 17:53:30 igws kernel: [12744.525906] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14076 DF PROTO=TCP SPT=49660 DPT=3128 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x2
Jan  9 17:53:38 igws kernel: [12751.814681] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14172 DF PROTO=TCP SPT=49677 DPT=3128 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x2
Jan  9 17:53:38 igws kernel: [12751.814735] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14173 DF PROTO=TCP SPT=49675 DPT=3128 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x2
Jan  9 17:53:38 igws kernel: [12751.815691] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14174 DF PROTO=TCP SPT=49676 DPT=3128 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x2

Still, it works, but that's strange...
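
Added example, not part of the original posts: a small Python parser for the "ebox-firewall drop" lines quoted in this thread. It groups drops by path, protocol, destination port and TCP flags, and lists any dropped connection attempts (SYN without ACK). The function names are this example's own; the sample is five lines copied from the logs above.

```python
from collections import Counter

# Sample input: five lines copied from the logs quoted in this thread.
SAMPLE = """\
Jan  9 14:00:53 igws kernel: [2950047.420472] ebox-firewall drop IN=eth1 OUT=eth0 SRC=192.168.10.1 DST=132.163.4.101 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=40213 DF PROTO=UDP SPT=55660 DPT=123 LEN=56 MARK=0x2
Jan  9 14:25:32 igws kernel: [  266.361053] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:e0:cb:4e:09:2d:fb:08:00 SRC=192.168.10.42 DST=192.168.10.252 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=375 DF PROTO=TCP SPT=54491 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x2
Jan  9 14:25:56 igws kernel: [  289.710271] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:c4:85:08:39:ea:d1:08:00 SRC=192.168.10.30 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=582 PROTO=UDP SPT=53518 DPT=5351 LEN=20 MARK=0x2
Jan  9 17:53:23 igws kernel: [12737.414894] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=13992 DF PROTO=TCP SPT=49677 DPT=3128 WINDOW=16330 RES=0x00 ACK FIN URGP=0 MARK=0x2
Jan  9 17:53:30 igws kernel: [12744.525906] ebox-firewall drop IN=eth1 OUT= MAC=68:05:ca:01:b5:6c:00:1b:fc:db:55:3c:08:00 SRC=192.168.10.32 DST=192.168.10.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14076 DF PROTO=TCP SPT=49660 DPT=3128 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x2
"""

TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR")
PREFIX = "ebox-firewall drop"

def parse_drop(line):
    """Return a dict for one 'ebox-firewall drop' line, or None for other lines."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields, flags = {}, []
    for tok in rest.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields.setdefault(key, val)  # keep the first LEN= (IP length); UDP repeats LEN=
        elif tok in TCP_FLAGS:
            flags.append(tok)            # bare tokens such as ACK, RST, FIN
    fields["FLAGS"] = "+".join(flags) if fields.get("PROTO") == "TCP" else "-"
    # OUT= is empty when the packet is addressed to the firewall host itself
    fields["PATH"] = "forwarded" if fields.get("OUT") else "to-firewall"
    return fields

def parse_all(text):
    return [d for d in map(parse_drop, text.splitlines()) if d]

def summarize(text):
    """Count drops per (path, protocol, destination port, TCP flags)."""
    return Counter((d["PATH"], d.get("PROTO", "-"), d.get("DPT", "-"), d["FLAGS"])
                   for d in parse_all(text))

def new_connection_drops(text):
    """Dropped TCP connection attempts: SYN set, ACK not set."""
    return [d for d in parse_all(text)
            if "SYN" in d["FLAGS"].split("+") and "ACK" not in d["FLAGS"].split("+")]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
    print("dropped connection attempts:", len(new_connection_drops(SAMPLE)))
```

On these five lines the TCP drops carry only ACK+RST or ACK+FIN, and new_connection_drops returns an empty list.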