Author Topic: [SOLVED]Firewall blocking LAN IP  (Read 3231 times)

fuse

  • Zen Monk
  • **
  • Posts: 54
  • Karma: +0/-0
    • View Profile
[SOLVED]Firewall blocking LAN IP
« on: November 28, 2011, 02:57:27 pm »
Hi,
This morning one of the computers in the LAN got blocked by Zentyal. If I list the firewall rules and grep for the IP or host of the blocked machine, it is listed in the inospoof chain.
Does anyone have any idea how I can manually remove this machine from the chain?

Thanks
« Last Edit: January 07, 2012, 06:42:10 pm by onze »

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
    • View Profile
Re: Firewall blocking LAN IP
« Reply #1 on: November 29, 2011, 06:03:50 am »
Can you post an example of the rules, the iptables output and a description of your network?

fuse

Re: Firewall blocking LAN IP
« Reply #2 on: November 29, 2011, 10:23:48 am »
Hello,

Rules


Chain fnospoof (1 references)
target     prot opt source               destination         
fdrop      all  --  machine1.domain.tld     anywhere            MAC ! 00:xx:xx:xx:xx:xx
fdrop      all  --  192.168.1.80         anywhere            MAC ! 00:00:00:00:00:00
fdrop      all  --  192.168.1.0/24       anywhere           
fdrop      all  --  172.18.12.0/24       anywhere           
fdrop      all  --  192.168.133.0/24     anywhere           
             destination         

Chain inospoof (1 references)
target     prot opt source               destination         
idrop      all  --  machine1.domain.tld     anywhere            MAC ! 00:xx:xx:xx:xx:xx
idrop      all  --  192.168.1.80         anywhere            MAC ! 00:00:00:00:00:00
idrop      all  --  192.168.1.0/24       anywhere           
idrop      all  --  172.18.12.0/24       anywhere           
idrop      all  --  192.168.133.0/24     anywhere           

My network config is set up as follows:

192.168.1.0 (Internal Network eth0)
172.18.12.0 (Virtual Internet of eth0)

192.168.133.0 (eth1 WAN)

machine1.domain.tld is the one being blocked by the rule. If I disable the firewall, it can contact Zentyal successfully.

Thanks

jsalamero

Re: Firewall blocking LAN IP
« Reply #3 on: November 29, 2011, 02:40:18 pm »
I don't understand that virtual internet on an internal network. Please paste the iptables -L -n -v output.

fuse

Re: Firewall blocking LAN IP
« Reply #4 on: November 29, 2011, 05:50:37 pm »
Hello,
Attached.
Thanks

jsalamero

Re: Firewall blocking LAN IP
« Reply #5 on: December 08, 2011, 08:32:27 am »
Do you have any object members with 00:00:00:00:00:00 as the MAC addr?

c4rdinal

  • Zen Samurai
  • ****
  • Posts: 341
  • Karma: +4/-0
    • View Profile
Re: Firewall blocking LAN IP
« Reply #6 on: December 08, 2011, 09:43:55 am »
This happened to me when we had a duplicate use of an IP address on clients assigned a fixed IP in Network objects.

Check if you have this.

fuse

Re: Firewall blocking LAN IP
« Reply #7 on: December 08, 2011, 11:59:55 am »
Do you have any object members with 00:00:00:00:00:00 as the MAC addr?

Nope.

fuse

Re: Firewall blocking LAN IP
« Reply #8 on: December 08, 2011, 12:02:49 pm »
This happened to me when we had a duplicate use of an IP address on clients assigned a fixed IP in Network objects.

Check if you have this.
That was it.

Thanks
« Last Edit: January 07, 2012, 06:41:28 pm by onze »
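
Added example, not part of the original thread and not Zentyal code: a small checker for the two conditions raised above, a source pinned to more than one MAC in a nospoof chain (the duplicate fixed-IP case) and a source pinned to the all-zero MAC. It assumes the `iptables -L -n` column layout shown in reply #2 (without `-v`); the sample listing and its MAC values are constructed. When one source has two `MAC !` drop rules with different MACs, no packet can satisfy both, so one of the rules always matches.

```python
import re
from collections import defaultdict

# Constructed sample: two fixed-IP members share 192.168.1.80 with different MACs.
SAMPLE = """\
Chain inospoof (1 references)
target     prot opt source               destination
idrop      all  --  192.168.1.80         0.0.0.0/0           MAC ! 00:11:22:33:44:55
idrop      all  --  192.168.1.80         0.0.0.0/0           MAC ! 00:11:22:33:44:66
idrop      all  --  192.168.1.81         0.0.0.0/0           MAC ! 00:11:22:33:44:77
idrop      all  --  192.168.1.0/24       0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) ")
# Columns: target, prot, opt, source, destination, then the MAC match.
RULE_RE = re.compile(r"^\S+\s+\S+\s+\S+\s+(\S+)\s+\S+\s+MAC\s*!\s*(\S+)")
ZERO_MAC = "00:00:00:00:00:00"


def mac_pins(listing):
    """Map (chain, source) to the set of MACs named in its 'MAC !' rules."""
    pins = defaultdict(set)
    chain = None
    for line in listing.splitlines():
        header = CHAIN_RE.match(line)
        if header:
            chain = header.group(1)
            continue
        rule = RULE_RE.match(line)
        if rule and chain:
            source, mac = rule.groups()
            pins[(chain, source)].add(mac.lower())
    return pins


def conflicts(listing):
    """Sources pinned to several MACs in one chain: always dropped."""
    return {k: sorted(v) for k, v in mac_pins(listing).items() if len(v) > 1}


def zero_mac_pins(listing):
    """Sources pinned to the all-zero MAC, which no real host will use."""
    return sorted(k for k, v in mac_pins(listing).items() if ZERO_MAC in v)


if __name__ == "__main__":
    for (chain, source), macs in conflicts(SAMPLE).items():
        print(f"{chain}: {source} is pinned to {', '.join(macs)}")
```

To check a live system, pass the text of `iptables -L -n` to `conflicts()` and `zero_mac_pins()` instead of `SAMPLE`, then fix the duplicate members in Network objects rather than editing the chain by hand.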