Topic: UDP packets dropped across LAN to LAN

edro (Jr. Member)
« on: Sunday 08 January 2012, 03:12:27 am »

I have configured a LAN to LAN VPN from our Draytek to Endian. The VPN tunnel comes up fine; I can ping, resolve DNS names, access shared files, browse the network, etc., but cannot join the domain at the remote site. Initially I thought it was a DNS issue, but if I create a LAN to LAN with Draytek / Draytek (from another site) I can join the domain fine.

Domain Controller is on 192.168.0.0/24 range
Endian (remote site) is on 192.168.3.0/24 range

When I look at the firewall log it is dropping UDP packets from the remote site. When I try to join the domain I see the following entries:

INPUTFW:DROP UDP (eth1) 192.168.0.3:137 -> 255.255.255.255:137
INPUT:DROP UDP (eth1) 192.168.3.10:137 -> 192.168.3.255:137

I have disabled the following:
Outgoing Firewall
VPN Firewall
Interzone Firewall

I have also tried adding rules under the Incoming Firewall Configuration that include
Source = Any, Destination = 0.0.0.0-25.255.255.255, Service = <Any>, Policy = Allow

Does anyone have any suggestions?

Thanks
mrkroket (Hero Member)
« Reply #1 on: Tuesday 10 January 2012, 04:42:41 am »

VPN has its own firewall, the VPN Firewall. It's better not to disable the VPN firewall but to create a single allow-all rule.
On the VPN Firewall, enable it and create a rule Source: ALL, Dest: ALL, Policy: Allow.
Tick the Log option and track down the traffic: send pings, try to connect to http://192.168.0.X and check if traffic on TCP port 80 is allowed, etc.
ruhllatio (Full Member)
« Reply #2 on: Sunday 19 February 2012, 06:56:42 am »

edro,

The traffic you are seeing being denied has nothing to do with VPN traffic.  It is simply stating that the INPUTFW (that you can find under Firewall -> System Access) is dropping broadcast traffic on your LAN interface.  This System Access firewall protects the FW and its services.  It does not hamper any routed traffic, only packets destined for the FW itself.  Broadcast packets reach every node in a broadcast domain; thus the firewall is simply dropping its copy of the packet.  One of your internal machines is broadcasting NetBIOS-NS packets (used to determine the NetBIOS name of a destination).  This is normal dropped traffic that everyone would see in their log were they to have NetBIOS configured hosts (typically Windows machines) behind their firewall.

Keep looking in the log when you attempt to join the domain.  If the firewall is blocking it you will see it.  Don't be afraid to add a few extra logs to the output.  Specifically Intrusion Prevention if you run it to make sure it's not picking up on anything.

Chris
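A small log-triage script, added here as an example and not taken from the thread or from Endian itself, that applies the distinction Reply #2 draws: INPUT/INPUTFW drops of broadcast packets (the firewall discarding its own copy of NetBIOS-NS on UDP 137) are expected noise, while a drop in any other chain is what could actually break traffic routed over the tunnel. The line layout is inferred from the two lines quoted in the first post; the FORWARD chain name, the tun0 interface and the firewall address 192.168.3.1 in the constructed sample lines are assumptions, not facts from the page.

```python
"""Triage Endian Firewall log drops by chain and destination.

Added example (not from the thread or from Endian): it parses log lines in
the shape quoted in the first post and separates INPUT/INPUTFW drops of
broadcast traffic (the firewall discarding its own copy of a LAN broadcast)
from drops that would actually stop traffic being routed over the VPN.
"""
import ipaddress
import re

# Assumed line layout, taken from the two lines quoted in the thread:
#   CHAIN:ACTION PROTO (iface) src:port -> dst:port
LINE_RE = re.compile(
    r"^(?P<chain>[A-Z]+):(?P<action>[A-Z]+)\s+(?P<proto>\w+)\s+"
    r"\((?P<iface>[^)]+)\)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Chains that only protect services on the firewall host itself (System Access).
# A drop here never affects routed traffic.
HOST_CHAINS = {"INPUT", "INPUTFW"}

# The two LANs named in the thread.
LOCAL_NETS = [
    ipaddress.ip_network("192.168.0.0/24"),
    ipaddress.ip_network("192.168.3.0/24"),
]

# Constructed sample log: the two real lines from the post plus two made-up
# lines (chain name FORWARD, interface tun0 and the firewall address
# 192.168.3.1 are assumptions, not taken from the page).
SAMPLE_LOG = [
    "INPUTFW:DROP UDP (eth1) 192.168.0.3:137 -> 255.255.255.255:137",
    "INPUT:DROP UDP (eth1) 192.168.3.10:137 -> 192.168.3.255:137",
    "INPUT:DROP TCP (eth1) 192.168.3.10:51000 -> 192.168.3.1:22",
    "FORWARD:DROP TCP (tun0) 192.168.3.10:49152 -> 192.168.0.3:445",
]


def parse_line(line):
    """Return a dict of fields for a recognised line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["sport"] = int(entry["sport"])
    entry["dport"] = int(entry["dport"])
    return entry


def is_broadcast(dst, nets=LOCAL_NETS):
    """True for the limited broadcast or the directed broadcast of a known LAN."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(addr == net.broadcast_address for net in nets)


def classify(entry):
    """Label one parsed entry.

    broadcast-noise: the firewall's own copy of a LAN broadcast (e.g. NetBIOS-NS
                     on UDP 137); expected and harmless.
    host-access:     a unicast packet addressed to the firewall itself that the
                     System Access rules rejected; only matters for FW services.
    routed-drop:     a drop in any other chain; this is the kind of entry that
                     would explain a failed domain join over the tunnel.
    """
    if entry is None:
        return "unparsed"
    if entry["action"] != "DROP":
        return "allowed"
    if is_broadcast(entry["dst"]):
        return "broadcast-noise"
    if entry["chain"] in HOST_CHAINS:
        return "host-access"
    return "routed-drop"


def triage(lines):
    """Count entries per label and return the lines worth investigating."""
    counts = {}
    suspicious = []
    for line in lines:
        label = classify(parse_line(line))
        counts[label] = counts.get(label, 0) + 1
        if label == "routed-drop":
            suspicious.append(line.strip())
    return counts, suspicious


if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE_LOG)
    print(counts)
    for line in suspicious:
        print("investigate:", line)
```

Run over a real export of the firewall log, the two quoted lines fall into the broadcast-noise bucket and can be ignored; only entries that come back as routed-drop are candidates for the failed domain join, which is the filter Reply #2 is suggesting you apply by eye.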