This is driving me bonkers.
Full disclaimer: I am NOT a Linux expert.
There are a number of websites and services that aren't working due to this issue of this traffic being dropped. Some Microsoft and Apple services as well as various other services that use https. However, I can connect to some websites (e.g. office365, google, Zentyal forums) with no problem.
I've been able to establish that Port 443 is referenced in iptables (iglobal chain) explicitly as being allowed.
I have done a traceroute on some of the IP addresses that are showing in the logs as having dropped traffic on port 443 and it succeeds.
So would I be right in assuming then that some of the traffic (log example below) is being dropped because for some reason it isn't being identified as part of the iglobal chain? And if that's the case, why would that be (when the traceroute was successful)? What steps can I take to troubleshoot this?
I don't know if this will help you help me but I am at a total loss and pulling out what little hair I have left.
From iptables:
Chain INPUT (policy DROP)
iglobal all -- 0.0.0.0/0 0.0.0.0/0
Chain iglobal (1 references)
iaccept tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
From log:
Feb 6 12:47:10 server02 kernel: [861297.589581] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.x DST=17.173.66.103 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55542 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Feb 6 12:47:10 server02 kernel: [861297.589751] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.x DST=17.139.246.5 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55550 DPT=44 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Feb 6 12:47:10 server02 kernel: [861297.763496] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.x DST=17.56.48.13 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55553 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Feb 6 12:47:25 server02 kernel: [861312.410993] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.168.1.x DST=72.30.3.10 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=56062 DPT=443 WINDOW=2048 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
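
Added example, not part of the original post: a Python parser for the netfilter LOG format above that reports which filter-table path each packet took (from IN=/OUT=) and whether a rule like the one shown (INPUT via iglobal, tcp dpt:443 state NEW) could apply to it. The sample lines and addresses are constructed, parse_line and classify are hypothetical helper names, and treating only SYN-without-ACK as state NEW is a simplifying assumption.

```python
# Constructed sample lines in the netfilter LOG format shown in the post
# (addresses are documentation ranges, not values from the post).
SAMPLE_LOG = [
    "Feb 6 12:47:10 server02 kernel: [1.0] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.0.2.10 DST=203.0.113.5 LEN=40 TTL=63 ID=0 DF PROTO=TCP SPT=55542 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1",
    "Feb 6 12:47:25 server02 kernel: [2.0] zentyal-firewall drop IN=eth0 OUT=eth1 MAC=xxx SRC=192.0.2.10 DST=198.51.100.7 LEN=83 TTL=63 ID=0 DF PROTO=TCP SPT=56062 DPT=443 WINDOW=2048 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1",
    "Feb 6 12:47:30 server02 kernel: [3.0] zentyal-firewall drop IN=eth0 OUT= MAC=xxx SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=56100 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0",
]

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Return (fields, flags) for one LOG line, or None if it is not one."""
    start = line.find("IN=")
    if start == -1:
        return None
    fields, flags = {}, set()
    for token in line[start:].split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value      # "OUT=" yields an empty string
        elif token in TCP_FLAGS:
            flags.add(token)         # other bare tokens such as DF are ignored
    return fields, flags


def classify(line):
    """Report the packet's filter path and whether the rule shown could match."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    fields, flags = parsed
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    # Both interfaces set: the packet was being routed between them,
    # so it traversed FORWARD and never reached INPUT.
    path = "FORWARD" if has_in and has_out else "INPUT" if has_in else "OUTPUT"
    # Assumption (simplified): only SYN without ACK opens a connection (state NEW).
    opens = "SYN" in flags and "ACK" not in flags
    rule_applies = (path == "INPUT" and fields.get("PROTO") == "TCP"
                    and fields.get("DPT") == "443" and opens)
    return {"path": path, "flags": sorted(flags), "opens": opens,
            "rule_applies": rule_applies}


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```

Entries with both IN= and OUT= set and flags like RST or ACK PSH FIN are forwarded, non-opening packets, so the FORWARD chain and the connection-tracking rules are the ones to inspect for them, not the INPUT rule for new connections to port 443.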