Author Topic: Zentyal 6 - HTTPS packets dropped  (Read 336 times)

BaggyG

Zentyal 6 - HTTPS packets dropped
« on: January 09, 2019, 10:57:18 am »
Hi there,

I have recently upgraded to Zentyal 6.0.  Since then, I noticed that there are lots of packets being dropped (source: internal destination: external port: 443).  I have no rules that should be blocking this set up (in fact I have any/any/any) for Packet Filter>Internal Networks.

I looked up a few of the IP addresses (small sample) and it came up with Microsoft and Facebook as being the destinations.  I'll also note that SmartScreen (Windows 10) no longer works.

So it seems that there are some rules somewhere that are set to drop packets based on some criteria that I have no control over through the GUI.  Does anyone have any suggestions on how I might be able to troubleshoot this?

Edit:  I should mention that I have this running on Citrix XenServer 7.6.  Although I don't think that should matter.

Thanks.
« Last Edit: January 13, 2019, 02:56:25 am by BaggyG »

BaggyG

Re: Zentyal 6 - HTTPS packets dropped
« Reply #1 on: February 06, 2019, 02:54:27 am »
This is driving me bonkers.

Full disclaimer:  I am NOT a Linux expert.

There are a number of websites and services that aren't working due to this issue of this traffic being dropped: some Microsoft and Apple services, as well as various other services that use https.  However, I can connect to some websites (e.g. office365, google, Zentyal forums) with no problem.

I've been able to establish that Port 443 is referenced in iptables (iglobal chain) explicitly as being allowed.

I have done a traceroute on some of the IP addresses that are showing in the logs as having dropped traffic on port 443 and it succeeds.

So would I be right in assuming then that some of the traffic (log example below) is being dropped because for some reason it isn't being identified as part of the iglobal chain?  And if that's the case, why would that be (when the traceroute was successful)?  What steps can I take to troubleshoot this?

I don't know if this will help you help me, but I am at a total loss and pulling out what little hair I have left.

From iptables:

```text
Chain INPUT (policy DROP)
iglobal    all  --  0.0.0.0/0            0.0.0.0/0

Chain iglobal (1 references)
iaccept    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
```

From log:

```text
Feb  6 12:47:10 server02 kernel: [861297.589581] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.x DST=17.173.66.103 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55542 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Feb  6 12:47:10 server02 kernel: [861297.589751] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.x DST=17.139.246.5 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55550 DPT=44  WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Feb  6 12:47:10 server02 kernel: [861297.763496] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.x DST=17.56.48.13 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55553 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Feb  6 12:47:25 server02 kernel: [861312.410993] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.x DST=72.30.3.10 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=56062 DPT=443 WINDOW=2048 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
```
« Last Edit: February 06, 2019, 03:44:23 am by BaggyG »
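A small triage helper for the kind of log lines quoted above, added here as an example; it is not from the post or from Zentyal. Two things stand out in the quoted lines that a script can make visible across a whole log file: every dropped packet has both IN and OUT set, which is forwarded traffic handled by the FORWARD chain rather than the INPUT chain the iptables excerpt shows, and none of them carries SYN (they are RST or FIN/ACK packets), so a rule matching only `state NEW` is not the rule that would admit them; whether they pass depends on whether conntrack still holds an entry for the flow. The parser reads the key=value fields the kernel LOG target writes, collects the bare TCP flag tokens, and groups drops by direction, connection stage and destination port. The sample lines are constructed to follow the quoted format (placeholder addresses, not real data); the function names are this example's own.

```python
"""Group netfilter/Zentyal 'drop' log lines by direction, TCP stage and port."""
import re
from collections import Counter

# Bare tokens the kernel LOG target emits for TCP flags (not key=value form).
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

# Constructed sample modelled on the thread's log format. Addresses are
# documentation ranges; the fourth line shows a packet addressed to the
# firewall itself (OUT= is empty), which lands in INPUT rather than FORWARD.
SAMPLE_LOG = """\
Feb  6 12:47:10 server02 kernel: [861297.589581] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.20 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55542 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Feb  6 12:47:25 server02 kernel: [861312.410993] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.20 DST=203.0.113.11 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=56062 DPT=443 WINDOW=2048 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Feb  6 12:48:01 server02 kernel: [861348.000001] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.21 DST=203.0.113.12 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=40010 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x1
Feb  6 12:48:05 server02 kernel: [861352.000002] zentyal-firewall drop IN=eth0 OUT= MAC=xxx SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=443 DPT=55542 WINDOW=0 RES=0x00 ACK RST URGP=0
"""


def parse_drop_line(line):
    """Return the key=value fields plus 'FLAGS' (set), 'DF' and 'PREFIX'.

    Returns None for lines that are not netfilter LOG output (no IN= field).
    """
    pos = line.find(" IN=")
    if pos < 0:
        return None
    # Text between the kernel timestamp and IN= is the rule's --log-prefix.
    m = re.search(r"\]\s*(.*?)\s*IN=", line)
    rec = {"PREFIX": m.group(1) if m else "", "FLAGS": set(), "DF": False}
    for token in line[pos + 1:].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value          # e.g. SRC=..., DPT=443, OUT= (empty)
        elif token in TCP_FLAGS:
            rec["FLAGS"].add(token)
        elif token == "DF":
            rec["DF"] = True
    return rec


def classify(rec):
    """Map a parsed record to (direction, stage).

    direction: 'forward' when both IN and OUT are set (FORWARD chain),
               'input' when the packet is addressed to the firewall itself.
    stage:     'new' only for a SYN without ACK, which is the one case a
               'state NEW' accept rule is designed for; RST/FIN packets can
               only match an ESTABLISHED rule if conntrack still knows the flow.
    """
    direction = "forward" if rec.get("OUT") else "input"
    flags = rec["FLAGS"]
    if rec.get("PROTO") != "TCP":
        stage = "non-tcp"
    elif "SYN" in flags and "ACK" not in flags:
        stage = "new"
    elif "RST" in flags:
        stage = "reset"
    elif "FIN" in flags:
        stage = "close"
    else:
        stage = "established"
    return direction, stage


def summarize(log_text):
    """Count dropped packets per (direction, stage, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_drop_line(line)
        if rec is None:
            continue
        direction, stage = classify(rec)
        counts[(direction, stage, rec.get("DPT", "?"))] += 1
    return counts


if __name__ == "__main__":
    # Run against a real file with: summarize(open("/var/log/syslog").read())
    for (direction, stage, dport), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:4d}  {direction:8s} {stage:12s} dpt={dport}")
```

Reading the summary is the useful part: a large count of `forward reset` and `forward close` drops with few or no `forward new` drops means connection opens are being admitted and what is being dropped is late-stage packets the firewall no longer associates with a tracked connection, which points at conntrack state handling (timeouts, INVALID handling, asymmetric paths) rather than at the port 443 accept rule; a pile of `forward new` drops on port 443 would point back at the rule set itself.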