Author Topic: firewall drop all from internal to ppp0  (Read 343 times)

denis.robel

  • Zen Apprentice
  • *
  • Posts: 44
  • Karma: +3/-0
    • View Profile
firewall drop all from internal to ppp0
« on: September 23, 2021, 12:51:22 pm »
Hallo,

the firewall is droping all connections from local network to ppp0.
I created a vlan network device eth0.7 manually.

This device I configured as pppoe and mkred it as WAN device.
I can look http/https over proxy from all clients but when I want to go outside from a client directly for the firewall is dropping the connection, like sending emails from local client...

I created a general rule for internal to external networḱs for al services yet but it seems that this rule has no effect.

Is it possible that the external mark of ppp0 device has no effect?

Edit: I'm on the latest Z7.0 community edition
« Last Edit: September 23, 2021, 01:05:58 pm by denis.robel »

denis.robel

  • Zen Apprentice
  • *
  • Posts: 44
  • Karma: +3/-0
    • View Profile
Re: firewall drop all from internal to ppp0
« Reply #1 on: January 04, 2022, 04:39:33 pm »
Hallo and a happy new year at first...

my problem is still existing:
Code: [Select]
Jan  4 16:31:35 zentyal2 kernel: [111189.117911] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21928 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:36 zentyal2 kernel: [111189.769917] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21929 PROTO=UDP SPT=63888 DPT=3956 LEN=16
Jan  4 16:31:37 zentyal2 kernel: [111191.143295] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21930 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:39 zentyal2 kernel: [111193.173649] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21932 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:40 zentyal2 kernel: [111193.830152] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21933 PROTO=UDP SPT=63888 DPT=3956 LEN=16
Jan  4 16:31:41 zentyal2 kernel: [111195.203753] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21934 PROTO=UDP SPT=63887 DPT=3956 LEN=16

How can I fix this issue?

my network configuration is

internal network <-> eth1 <-> zentyal <-> eth0 <-> eth0.7 <->ppp0 <-> internet

Network access from Zentyal is working fine but from internal network packages are dropped by firewall.

I have firewall rules for internal network to external but it seems that the rules are not working.

denis.robel

  • Zen Apprentice
  • *
  • Posts: 44
  • Karma: +3/-0
    • View Profile
Re: firewall drop all from internal to ppp0
« Reply #2 on: January 06, 2022, 10:39:27 am »
Hallo,

I fount the reason for that problem:
Zentyal Virtualization Manager takes some influence to the firewall....

When I deactivate it then everything works well. I made no changes on the firewall settings.

That's very ugly.  >:(

Can anybody of Zentyal Dev team check this behaviour?

By the way it's very quiet here for a few weeks.Is Zentyal still alive?