Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 19 November 2024, 09:35:39 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14258 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  [EFW 2.4] System Access Policies not working
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: [EFW 2.4] System Access Policies not working  (Read 17034 times)
edgeconsults
Jr. Member
*
Offline Offline

Posts: 9


« on: Thursday 22 July 2010, 09:34:25 am »

I have been using 2.2 all this time because the nic's on the boxes i'm using were not compatible with 2.3.  I have been testing 2.4 now and the have had no problems with the NIC realtek 8168.  Everything works great with one exception.

I have tried to configure the system access policy to allow access to the router via SSH and 10443 from the red interface but it does not work.   It works on 2.2 but not 2.4.

Any ideas?

the http proxy works great.  port forwarding works great.  outgoing firewall works great too.  just the system access firewall does not.  i have not tried vpn because i am stuck trying to figure out why the system is not allowing access from the red interface to the box via ssh and 10443.

Thanks

Edwin

Logged
edgeconsults
Jr. Member
*
Offline Offline

Posts: 9


« Reply #1 on: Thursday 22 July 2010, 09:43:42 am »

I just tried modifying the system access rules and only having 1 rule.

source address:   blank
source interface:  red
service:                any
protocol:              any
policy action:        allow
enabled:              checked

i also tried this

source address:   blank
source interface:  red
service:                all
protocol:              tcp+udp
policy action:        allow
enabled:              checked

and still no luck.

i can however ping the box.

any ideas?  am i doing something wrong?

thanks

Edwin
Logged
DFen
Full Member
***
Offline Offline

Posts: 46


« Reply #2 on: Friday 23 July 2010, 03:28:18 am »

I have a static IP address and this rule works fine for me for web and SSH access.

<mystaticIP>     <ANY>     TCP/10443 TCP/80 TCP/22 ALLOW
Logged
johnthecomputerguy
Jr. Member
*
Offline Offline

Posts: 1


« Reply #3 on: Saturday 31 July 2010, 12:43:03 pm »

I am seeing this exact same issue.  Machine is a Dell Precision 390 workstation with the onboard Broadcom NIC being used for WAN.  System access rules are not being processed properly it seems.  Will try to swap WAN with one of the installed Intel PCI NICs to see if it is a driver issue.
Logged
DFen
Full Member
***
Offline Offline

Posts: 46


« Reply #4 on: Sunday 01 August 2010, 01:15:04 am »

Hi

I have tried some tests on my test machine

uplink main RED (DHCP) is down so has no IP INACTIVE
uplink test is defined as a gateway over Green (defaut gateway: 192.168.1.1) and is up

If I add rule Firewall->System access
source: blank
interface:any
service: any
policy:allow
enabled

It appears in the chain INPUTFW
ssh to firewall
to see the chain:
iptables -L INPUTFW -nv

If I change the rule to:
source: blank
interface:RED
service: any
policy:allow
enabled

Then nothing appears in the INPUTFW chain

I think this is a (known?) bug in 2.4

Setting the interface to Green or OpenVPN seems to work OK but RED does not.

Work-around
=========
if source IP is defined just set interface to "any"

If no source IP but rule is different for Green etc
Define rules for Green, OpenVPN, Orange etc first
Then define rule for RED but using interface "any"
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 20 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com