Title: UDP packets dropped across LAN to LAN Post by: edro on Sunday 08 January 2012, 03:12:27 am I have configured a LAN to LAN vpn from our Draytek to Endian. The VPN tunnel comes up fine, I can ping, resolve DNS names, access shared files, browse network etc but cannot join the domain at the remote site. Initially I thought it was a DNS issue, but if I create a LAN to LAN with Draytek / Draytek (from another site) I can join domain fine.
Domain Controller is on 192.168.0.0/24 range Endian (remote site) is on 192.168.3.0/24 range When I look at the firewall log it is dropping UDP packets from the remote site. When I try to join the domain I see the following entries: INPUTFW:DROP UDP (eth1) 192.168.0.3:137 -> 255.255.255.255:137 INPUT:DROP UDP (eth1) 192.168.3.10:137 -> 192.168.3.255:137 I have disabled the following: Outgoing Firewall VPN Firewall Interzone Firewall I have also tried adding rules under the Incoming Firewall Configuration that icnlude Source = Any, Destination = 0.0.0.0-25.255.255.255, Service = <Any>, Policy = Allow Does anyone have any suggestions? Thanks Title: Re: UDP packets dropped across LAN to LAN Post by: mrkroket on Tuesday 10 January 2012, 04:42:41 am VPN has its own firewall, VPN Firewall. It's better not to disable the VPN firewall but creating a single allow all rule.
On VPN Firewall, enable it and create a rule Source:ALL Dest:ALL Policy: Allow. Tick the Log option and track down the traffic: send pings, try to connect to a http:192.168.0.X and check if traffic on TCP port 80 is allowed, etc... Title: Re: UDP packets dropped across LAN to LAN Post by: ruhllatio on Sunday 19 February 2012, 06:56:42 am edro,
The traffic you are seeing being denied has nothing to do with VPN traffic. It is simply stating that the INPUTFW (that you can find under Firewall -> System Access) is dropping broadcast traffic on your LAN interface. This System Access firewall protects the FW and its services. It does not hamper any routed traffic, only packets destined for the FW itself. Broadcast packets reach every node in a broadcast domain; thus the firewall is simply dropping its copy of the packet. One of your internal machines is broadcasting NetBIOS-NS packets (used to determine the NetBIOS name of a destination). This is normal dropped traffic that everyone would see in their log were they to have NetBIOS configured hosts (typically Windows machines) behind their firewall. Keep looking in the log when you attempt to join the domain. If the firewall is blocking it you will see it. Don't be afraid to add a few extra logs to the output. Specifically Intrusion Prevention if you run it to make sure it's not picking up on anything. Chris |