Title: Firewall dropping packets from Green to FW Mgmt port 10443 Post by: johnc1949 on Sunday 17 February 2013, 02:45:57 am I keep seeing the following log entry in my FW logs.
INPUT:DROP TCP (br0) 192.168.10.68:61356 -> 192.168.10.1:10443-MAC=00:1b:21:58:4f:43:5c:96:9d:8f:83:19:08:00 LEN=40 TOS=00 PREC=0x00 TTL=64 ID=39209 DF SEQ=1212831354 ACK=0 WINDOW=0 RST URGP=0 MARK=0 192.168.10.1 is the IP of my firewalls GREEN interface Eth1/Br0. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100 link/ether 00:1b:21:58:4f:43 brd ff:ff:ff:ff:ff:ff inet6 fe80::21b:21ff:fe58:4f43/64 scope link valid_lft forever preferred_lft forever 3: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100 link/ether 00:1b:21:26:37:4b brd ff:ff:ff:ff:ff:ff inet6 fe80::21b:21ff:fe26:374b/64 scope link valid_lft forever preferred_lft forever 4: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:13:d3:b2:a7:c7 brd ff:ff:ff:ff:ff:ff inet ...10/22 brd ...255 scope global eth0 6: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether 00:1b:21:26:37:4b brd ff:ff:ff:ff:ff:ff inet 192.168.20.1/24 brd 192.168.20.255 scope global br1 7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether 00:1b:21:58:4f:43 brd ff:ff:ff:ff:ff:ff inet 192.168.10.1/24 brd 192.168.10.255 scope global br0 I also have verified that the automatically generated System Services rule below is present and active. 6 GREEN TCP/10443 ALLOW Service (ADMIN) I can't seem to track down the cause of this. Sure would be nice if Endian would put the rule number that creating the log entry instead of just the Chain name. I suspect that this is being dropped because of a bad TCP state or flag issue. It is also possible that Endian is not happy that I use eth0 as my RED interface instead of the default eth1. Any advice for how to resolve these annoying log entries would be appreciated. BTW, I am running the Community Appliance, Version 2.5.1 with kernel 2.6.32.43-57.e43.i586 Tks |