Author Topic: Firewall rules not working  (Read 1319 times)

a.mcdear

  • Zen Apprentice
  • *
  • Posts: 20
  • Karma: +0/-0
Firewall rules not working
« on: September 23, 2011, 12:06:39 pm »
I recently upgraded my firewall from Zentyal 2.0 to Zentyal 2.2, and I'm having a problem with certain firewall rules not working. Has there been a change in the way Zentyal interprets firewall rules between 2.0 and 2.2? Help! Sorry for the lengthy post, but I want to be specific so you know exactly what I've done so far. Here's the situation:

This Zentyal 2.2 box sits in between our "perimeter" network and our "internal" network. Our perimeter network is 10.10.10.0/23; our external interface has an IP on this network. The internal network is 10.10.20.0/23, and the internal interface is the gateway for this network with IP 10.10.20.1.
The modules installed are DNS, Firewall, Objects, Services, and Monitoring, installed fresh from CD.

Previously, I could set up an object called "Network Printers" with the IPs of all the networked printers on the internal network. We have a few devices on the external network (a perimeter really, which includes all our wireless devices) which need to print. I would then create another group called "Allowed to print" or something similar which contained all the IP addresses of those clients who have the ability to print through the firewall.

Next I would go to the firewall, to the "External networks to Internal Networks" section. I would then make a rule that says: Allow any TCP traffic from group "Allowed to Print" to pass to printers on the internal network in the group "Network Printers".

Doing it in this manner has always worked before, from ebox 1.4 through Zentyal 2.0, just fine, unless I am missing something and just can't remember it. I also have similar rules set up which allow my tablet on the wireless network (on the external side of Zentyal) to pass through the firewall to access remote desktop on a few of the servers we have on the internal network. These rules are also not working, and my traffic is stopped at the firewall and not passed to the desired machines on the internal network.

Just to be sure something was not working correctly, I created a rule at the top of the list which said to pass any traffic from the external network to any destination on the internal network, and still no traffic will pass.

Can anybody else help me out, or duplicate the issue if it's a bug? Thanks!

-Andy
« Last Edit: September 23, 2011, 12:14:31 pm by a.mcdear »

a.mcdear

  • Zen Apprentice
  • *
  • Posts: 20
  • Karma: +0/-0
Re: Firewall rules not working
« Reply #1 on: September 23, 2011, 07:57:03 pm »
It seems to affect traffic going inbound from external to internal only. Port forwards are affected as well. Am I doing something wrong?

All of my internal -> Zentyal rules work just fine, and so do my internal -> internal rules.

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
Re: Firewall rules not working
« Reply #2 on: September 30, 2011, 10:42:10 am »
Do you have the routes to reach the internal network properly set up? Can you show us that? Can you pastebin your iptables -L -n -v output too?
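The two things asked for in the reply above (a route to the internal network, and the `iptables -L -n -v` output) are exactly what a forwarding problem like this comes down to, so here is an added example of how to read them. This is editorial example code, not from the thread and not Zentyal's own tooling: it parses constructed sample output of `ip route` and `iptables -L FORWARD -n -v` and reports whether 10.10.20.0/23 is reachable, what the FORWARD chain's default policy is, and whether the external-to-internal ACCEPT rule has ever matched a packet. The interface names eth0 (external) and eth1 (internal) are assumptions; on a real box, replace the samples with the live command output.

```shell
#!/bin/sh
# Added diagnostic example (not from the thread). Parses constructed sample
# output of `ip route` and `iptables -L FORWARD -n -v`.

# Constructed sample of `ip route` on the Zentyal box (eth0/eth1 are assumed names).
SAMPLE_ROUTES='default via 10.10.10.1 dev eth0
10.10.10.0/23 dev eth0  proto kernel  scope link  src 10.10.10.5
10.10.20.0/23 dev eth1  proto kernel  scope link  src 10.10.20.1'

# Constructed sample of `iptables -L FORWARD -n -v`. The pkts column is the key
# signal: a rule with 0 packets has never matched the traffic you expect it to.
SAMPLE_FORWARD='Chain FORWARD (policy DROP 1532 packets, 92K bytes)
 pkts bytes target     prot opt in     out     source               destination
  850 51000 ACCEPT     all  --  eth1   eth0    10.10.20.0/23        0.0.0.0/0
    0     0 ACCEPT     tcp  --  eth0   eth1    10.10.10.0/23        10.10.20.0/23        tcp dpt:9100
  310 18600 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# has_route <routes-text> <prefix>: succeeds if an explicit route for <prefix> exists.
has_route() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 == p { found = 1 } END { exit !found }'
}

# route_dev <routes-text> <prefix>: prints the interface the route for <prefix> uses.
route_dev() {
    printf '%s\n' "$1" | awk -v p="$2" \
        '$1 == p { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# forward_policy <iptables-text>: prints the FORWARD chain default policy (ACCEPT/DROP).
forward_policy() {
    printf '%s\n' "$1" | awk '/^Chain FORWARD/ { print $4; exit }'
}

# rule_hits <iptables-text> <in-iface> <out-iface>: prints the packet counter of the
# first ACCEPT rule for that interface pair (empty if no such rule exists).
rule_hits() {
    printf '%s\n' "$1" | awk -v i="$2" -v o="$3" \
        '$3 == "ACCEPT" && $6 == i && $7 == o { print $1; exit }'
}

# diagnose: human-readable summary of the three checks.
diagnose() {
    if has_route "$SAMPLE_ROUTES" 10.10.20.0/23; then
        echo "route to 10.10.20.0/23 via $(route_dev "$SAMPLE_ROUTES" 10.10.20.0/23)"
    else
        echo "no route to 10.10.20.0/23: forwarded packets cannot be delivered"
    fi
    echo "FORWARD default policy: $(forward_policy "$SAMPLE_FORWARD")"
    hits=$(rule_hits "$SAMPLE_FORWARD" eth0 eth1)
    if [ -z "$hits" ]; then
        echo "no external->internal ACCEPT rule in FORWARD"
    elif [ "$hits" -eq 0 ]; then
        echo "external->internal ACCEPT rule has 0 hits: traffic never reached it"
    else
        echo "external->internal ACCEPT rule matched $hits packets"
    fi
}

diagnose
```

With the sample data the route is present but the external-to-internal rule shows zero packets, which points at something before that rule (an earlier DROP, a missing port forward, or the traffic arriving on a different interface than the rule expects) rather than at the route table.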