UDP packets dropped across LAN to LAN
Topic: UDP packets dropped across LAN to LAN (Read 27833 times)
edro (Jr. Member, Posts: 1)
UDP packets dropped across LAN to LAN
« on: Sunday 08 January 2012, 03:12:27 am »
I have configured a LAN to LAN vpn from our Draytek to Endian. The VPN tunnel comes up fine, I can ping, resolve DNS names, access shared files, browse network etc but cannot join the domain at the remote site. Initially I thought it was a DNS issue, but if I create a LAN to LAN with Draytek / Draytek (from another site) I can join domain fine.
Domain Controller is on 192.168.0.0/24 range
Endian (remote site) is on 192.168.3.0/24 range
When I look at the firewall log it is dropping UDP packets from the remote site. When I try to join the domain I see the following entries:
INPUTFW:DROP UDP (eth1) 192.168.0.3:137 -> 255.255.255.255:137
INPUT:DROP UDP (eth1) 192.168.3.10:137 -> 192.168.3.255:137
I have disabled the following:
Outgoing Firewall
VPN Firewall
Interzone Firewall
I have also tried adding rules under the Incoming Firewall Configuration that include Source = Any, Destination = 0.0.0.0-25.255.255.255, Service = <Any>, Policy = Allow
Does anyone have any suggestions?
Thanks

mrkroket (Hero Member, Posts: 495)
Re: UDP packets dropped across LAN to LAN
« Reply #1 on: Tuesday 10 January 2012, 04:42:41 am »
VPN has its own firewall, VPN Firewall. It's better not to disable the VPN firewall but to create a single allow-all rule.
On VPN Firewall, enable it and create a rule Source:ALL Dest:ALL Policy: Allow.
Tick the Log option and track down the traffic: send pings, try to connect to a http:192.168.0.X and check if traffic on TCP port 80 is allowed, etc...

ruhllatio (Full Member, Posts: 10)
Re: UDP packets dropped across LAN to LAN
« Reply #2 on: Sunday 19 February 2012, 06:56:42 am »
edro,
The traffic you are seeing being denied has nothing to do with VPN traffic. It is simply stating that the INPUTFW (that you can find under Firewall -> System Access) is dropping broadcast traffic on your LAN interface. This System Access firewall protects the FW and its services. It does not hamper any routed traffic, only packets destined for the FW itself. Broadcast packets reach every node in a broadcast domain; thus the firewall is simply dropping its copy of the packet. One of your internal machines is broadcasting NetBIOS-NS packets (used to determine the NetBIOS name of a destination). This is normal dropped traffic that everyone would see in their log were they to have NetBIOS configured hosts (typically Windows machines) behind their firewall.
Keep looking in the log when you attempt to join the domain. If the firewall is blocking it you will see it. Don't be afraid to add a few extra logs to the output. Specifically Intrusion Prevention if you run it to make sure it's not picking up on anything.
Chris
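
The distinction drawn in Reply #2 can be applied mechanically when reading the log. The following is an added example, not part of the original thread or of Endian's own tooling: it parses lines in the layout quoted in the first post and separates broadcasts dropped on the firewall's own input chains from unicast drops between the two sites. The subnets come from the thread; the third sample line and its FORWARD chain label are constructed assumptions.

```python
import ipaddress
import re

# Subnets taken from the thread: domain controller site and Endian site.
SITES = [ipaddress.ip_network("192.168.0.0/24"),
         ipaddress.ip_network("192.168.3.0/24")]

# Matches the log layout quoted in the first post:
#   CHAIN:ACTION PROTO (iface) src:sport -> dst:dport
LINE = re.compile(
    r"^(?P<chain>\w+):(?P<action>\w+)\s+(?P<proto>\w+)\s+\((?P<iface>[^)]+)\)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$")

def site_of(addr):
    """Return the site subnet containing addr, or None."""
    return next((n for n in SITES if addr in n), None)

def classify(line):
    """Label a drop line: broadcast-to-firewall, cross-site, other or unparsed."""
    m = LINE.match(line.strip())
    if not m:
        return "unparsed"
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    is_bcast = (dst == ipaddress.ip_address("255.255.255.255")
                or any(dst == n.broadcast_address for n in SITES))
    # INPUT* chains handle packets addressed to the firewall itself, so a
    # broadcast dropped there is the firewall discarding its own copy.
    if m["chain"].startswith("INPUT") and is_bcast:
        return "broadcast-to-firewall"
    s, d = site_of(src), site_of(dst)
    if s is not None and d is not None and s != d:
        return "cross-site"  # unicast between the two LANs: worth investigating
    return "other"

SAMPLE = [
    "INPUTFW:DROP UDP (eth1) 192.168.0.3:137 -> 255.255.255.255:137",  # from the post
    "INPUT:DROP UDP (eth1) 192.168.3.10:137 -> 192.168.3.255:137",     # from the post
    # Constructed line; the FORWARD chain label is an assumption.
    "FORWARD:DROP TCP (eth1) 192.168.3.10:49200 -> 192.168.0.3:445",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{classify(entry):22} {entry}")
```

Only lines labelled cross-site point at traffic the firewall may be blocking between the LANs; the two lines quoted in the first post both come out as broadcast-to-firewall.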