Author Topic: Firewall drops random packets on proxy and http ports  (Read 1191 times)

ovecka

« on: April 04, 2018, 07:56:12 pm »
Hi,
I'm trying to figure out why our Zentyal firewall sometimes drops packets that by the rules should go through easily.

Our 3.5 Zentyal is connected to eth0 (internal) parallel to all other devices and acts as a PDC, DHCP, RADIUS server and an explicit proxy for around 50 devices. NATting is done on the VDSL modem, which is set as a default gateway and properly distributed to clients by DHCP. Everything kind of works correctly, but for the past two weeks the firewall module has started dropping some packets from random devices on ports 3128 (inbound) and 80 (outbound), even though the Zentyal outbound traffic rule is set to allow everything and I didn't alter any HTTP proxy service rule. Even explicitly creating a rule to allow port 3128 traffic in "Internal networks to Zentyal" (and setting it as the topmost) doesn't solve the problem and the dropping continues (see picture below). On those affected devices, everything seems to work, including internet. Apparently, only a very small fraction of packets is dropped, so the user doesn't notice anything while browsing.

The only change I made in /etc/zentyal/firewall.conf is changing nat_enable to "no".
I didn't make any changes to iptables or firewall.postservice hook.

Is it a bug, or does it have something to do with spoofing protection? Any ideas or advice?

Unfortunately, I can't add any images and iptables printout to the post (upload folder full).