EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Tuesday 19 November 2024, 09:35:39 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
CLICK HERE
for the The official Endian Roadmap and Issue tracker
14258
Posts in
4377
Topics by
6515
Members
Latest Member:
hulteends
Search:
Advanced search
EFW Support
Support
General Support
[EFW 2.4] System Access Policies not working
0 Members and 2 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: [EFW 2.4] System Access Policies not working (Read 17034 times)
edgeconsults
Jr. Member
Offline
Posts: 9
[EFW 2.4] System Access Policies not working
«
on:
Thursday 22 July 2010, 09:34:25 am »
I have been using 2.2 all this time because the nic's on the boxes i'm using were not compatible with 2.3. I have been testing 2.4 now and the have had no problems with the NIC realtek 8168. Everything works great with one exception.
I have tried to configure the system access policy to allow access to the router via SSH and 10443 from the red interface but it does not work. It works on 2.2 but not 2.4.
Any ideas?
the http proxy works great. port forwarding works great. outgoing firewall works great too. just the system access firewall does not. i have not tried vpn because i am stuck trying to figure out why the system is not allowing access from the red interface to the box via ssh and 10443.
Thanks
Edwin
Logged
edgeconsults
Jr. Member
Offline
Posts: 9
Re: [EFW 2.4] System Access Policies not working
«
Reply #1 on:
Thursday 22 July 2010, 09:43:42 am »
I just tried modifying the system access rules and only having 1 rule.
source address: blank
source interface: red
service: any
protocol: any
policy action: allow
enabled: checked
i also tried this
source address: blank
source interface: red
service: all
protocol: tcp+udp
policy action: allow
enabled: checked
and still no luck.
i can however ping the box.
any ideas? am i doing something wrong?
thanks
Edwin
Logged
DFen
Full Member
Offline
Posts: 46
Re: [EFW 2.4] System Access Policies not working
«
Reply #2 on:
Friday 23 July 2010, 03:28:18 am »
I have a static IP address and this rule works fine for me for web and SSH access.
<mystaticIP> <ANY> TCP/10443 TCP/80 TCP/22 ALLOW
Logged
johnthecomputerguy
Jr. Member
Offline
Posts: 1
Re: [EFW 2.4] System Access Policies not working
«
Reply #3 on:
Saturday 31 July 2010, 12:43:03 pm »
I am seeing this exact same issue. Machine is a Dell Precision 390 workstation with the onboard Broadcom NIC being used for WAN. System access rules are not being processed properly it seems. Will try to swap WAN with one of the installed Intel PCI NICs to see if it is a driver issue.
Logged
DFen
Full Member
Offline
Posts: 46
Re: [EFW 2.4] System Access Policies not working
«
Reply #4 on:
Sunday 01 August 2010, 01:15:04 am »
Hi
I have tried some tests on my test machine
uplink main RED (DHCP) is down so has no IP INACTIVE
uplink test is defined as a gateway over Green (defaut gateway: 192.168.1.1) and is up
If I add rule Firewall->System access
source: blank
interface:any
service: any
policy:allow
enabled
It appears in the chain INPUTFW
ssh to firewall
to see the chain:
iptables -L INPUTFW -nv
If I change the rule to:
source: blank
interface:RED
service: any
policy:allow
enabled
Then nothing appears in the INPUTFW chain
I think this is a (known?) bug in 2.4
Setting the interface to Green or OpenVPN seems to work OK but RED does not.
Work-around
=========
if source IP is defined just set interface to "any"
If no source IP but rule is different for Green etc
Define rules for Green, OpenVPN, Orange etc first
Then define rule for RED but using interface "any"
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.078 seconds with 20 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com