Title: Internet Access problem in Gateway mode
Post by: q12345 on Sunday 30 March 2014, 05:29:33 pm

Hello!
I'm using EFW 3.0. I can share internet through transparent and non-transparent proxy. I can also share internet through PPPoE without a proxy. But when I connect my Endian Firewall to another server to get internet, my clients that are connected to the EFW can't browse websites. Clients can ping, traceroute and telnet google.com 80/443, but they can't access the internet. In addition, when I look at the firewall logs I see that the FW marked it 0x00 (BADTCP). Snort IDS, Outgoing/Interzone/Input/VPN firewall and Proxy are off.

My Ethernet adapter is Intel e1000e / version: 2.5.4-NAPI / firmware-version: 2.1-0
CPU: Intel(R) Core(TM) i7-3770

Can you help me find what the problem is?

Title: Re: Internet Access problem in Gateway mode
Post by: q12345 on Monday 31 March 2014, 04:13:52 am

In fact I receive the following error log:
ulogd [7821]: BADTCP:DROP IN=br0 OUT=br0 MAC=b4:01:0e:03:a6:95:22:21:e6:5f:af:aa:08:00 SRC=192.168.1.11 DST=98.139.183.24 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=2599 DF PROTO=TCP SPT=59900 DPT=80 SEQ=1706148179 ACK=1305577627 WINDOW=4420 ACK URGP=0 MARK=0

Title: Re: Internet Access problem in Gateway mode
Post by: q12345 on Monday 31 March 2014, 06:02:32 pm

Waiting for a reply!
I see the iptables log and understand that my request to the site becomes an invalid TCP packet. I don't know why. When I use iptables -I BADTCP_LOGDROP -j RETURN, it is fine. BADTCP_LOGDROP is a chain for invalid packets. How can I find out the reason for the TCP packet fault? Thanks
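
An added example, not part of the original posts and not Endian Firewall code: a small Python parser for the ulogd line quoted above. It separates the bare `ACK` flag from the `ACK=` acknowledgement number and reports what the dropped packet itself shows. The function names are hypothetical, and the script makes no claim about which BADTCP rule matched.

```python
import re

# Log line copied from the post above (the only sample on the page).
SAMPLE = ("ulogd [7821]: BADTCP:DROP IN=br0 OUT=br0 "
          "MAC=b4:01:0e:03:a6:95:22:21:e6:5f:af:aa:08:00 SRC=192.168.1.11 "
          "DST=98.139.183.24 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=2599 DF PROTO=TCP "
          "SPT=59900 DPT=80 SEQ=1706148179 ACK=1305577627 WINDOW=4420 ACK URGP=0 MARK=0")

TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")
PREFIX_RE = re.compile(r"ulogd\s*\[\d+\]:\s*(\S+)\s+(.*)")

def parse_line(line):
    """Split a netfilter-style log line into prefix, KEY=VALUE fields and bare flags."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    prefix, rest = m.groups()
    fields, bare = {}, []
    for tok in rest.split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            fields[key] = val       # "ACK=1305577627" is the acknowledgement number
        else:
            bare.append(tok)        # bare "ACK" is the TCP flag; "DF" is an IP flag
    return {"prefix": prefix, "fields": fields,
            "tcp_flags": [f for f in TCP_FLAGS if f in bare],
            "ip_flags": [f for f in bare if f not in TCP_FLAGS]}

def summarize(rec):
    """Report only what the line itself shows; it does not say which rule matched."""
    f, flags = rec["fields"], rec["tcp_flags"]
    return {
        "chain_action": rec["prefix"],
        "flow": "%s:%s -> %s:%s" % (f["SRC"], f["SPT"], f["DST"], f["DPT"]),
        "tcp_flags": flags,
        # A packet that opens a TCP connection carries SYN alone.
        "opens_connection": flags == ["SYN"],
        # True when the packet entered and left on the same interface.
        "same_interface": bool(f.get("IN")) and f.get("IN") == f.get("OUT"),
    }

if __name__ == "__main__":
    for key, value in summarize(parse_line(SAMPLE)).items():
        print(key, "=", value)
```

For the line in the thread this reports an ACK-only packet to port 80 that entered and left on br0.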