Title: [EFW 2.4] System Access Policies not working
Post by: edgeconsults on Thursday 22 July 2010, 09:34:25 am

I have been using 2.2 all this time because the NICs on the boxes I'm using were not compatible with 2.3. I have been testing 2.4 now and have had no problems with the NIC Realtek 8168. Everything works great with one exception.
I have tried to configure the system access policy to allow access to the router via SSH and 10443 from the red interface but it does not work. It works on 2.2 but not 2.4. Any ideas? The HTTP proxy works great. Port forwarding works great. Outgoing firewall works great too. Just the system access firewall does not. I have not tried VPN because I am stuck trying to figure out why the system is not allowing access from the red interface to the box via SSH and 10443.

Thanks
Edwin

Title: Re: [EFW 2.4] System Access Policies not working
Post by: edgeconsults on Thursday 22 July 2010, 09:43:42 am

I just tried modifying the system access rules and only having 1 rule.
source address: blank
source interface: red
service: any
protocol: any
policy action: allow
enabled: checked

I also tried this:

source address: blank
source interface: red
service: all
protocol: tcp+udp
policy action: allow
enabled: checked

and still no luck. I can however ping the box. Any ideas? Am I doing something wrong?

Thanks
Edwin

Title: Re: [EFW 2.4] System Access Policies not working
Post by: DFen on Friday 23 July 2010, 03:28:18 am

I have a static IP address and this rule works fine for me for web and SSH access.
<mystaticIP> <ANY> TCP/10443 TCP/80 TCP/22 ALLOW

Title: Re: [EFW 2.4] System Access Policies not working
Post by: johnthecomputerguy on Saturday 31 July 2010, 12:43:03 pm

I am seeing this exact same issue. Machine is a Dell Precision 390 workstation with the onboard Broadcom NIC being used for WAN. System access rules are not being processed properly, it seems. Will try to swap WAN with one of the installed Intel PCI NICs to see if it is a driver issue.

Title: Re: [EFW 2.4] System Access Policies not working
Post by: DFen on Sunday 01 August 2010, 01:15:04 am

Hi

I have tried some tests on my test machine.

uplink main RED (DHCP) is down so has no IP: INACTIVE
uplink test is defined as a gateway over Green (default gateway: 192.168.1.1) and is up

If I add a rule in Firewall->System access

source: blank
interface: any
service: any
policy: allow
enabled

it appears in the chain INPUTFW.

SSH to the firewall to see the chain:
iptables -L INPUTFW -nv

If I change the rule to:

source: blank
interface: RED
service: any
policy: allow
enabled

then nothing appears in the INPUTFW chain.

I think this is a (known?) bug in 2.4.
Setting the interface to Green or OpenVPN seems to work OK but RED does not.

Work-around
=========
If source IP is defined, just set interface to "any".
If no source IP but rule is different for Green etc.:
Define rules for Green, OpenVPN, Orange etc. first
Then define rule for RED but using interface "any"
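
Added example, not part of any post in this thread and not Endian's own code: a shell helper that reads the `iptables -L INPUTFW -nv` listing mentioned above and reports whether a TCP port is admitted by an interface-specific ACCEPT rule, only by an interface-"any" rule (the work-around), or by nothing (the symptom). The function name, the device names (`br0` for GREEN, `eth1` for RED) and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Reads `iptables -L INPUTFW -nv` output on stdin and prints how TCP <port>
# arriving on <iface> is admitted:
#   "iface <source>"  an ACCEPT rule names the interface explicitly
#   "any <source>"    only a rule with in-interface "*" covers the port
#   "none"            no ACCEPT rule covers it (the symptom in this thread)
inputfw_match() {   # hypothetical helper; usage: inputfw_match <iface> <port>
    awk -v ifc="$1" -v port="$2" '
    # Does the match text after the destination column cover the port?
    function covers(extra,   m, n, i, r) {
        if (extra !~ /dpts?:|dports /) return 1      # no port match = any service
        if (match(extra, /dpt:[0-9]+/))
            return substr(extra, RSTART + 4, RLENGTH - 4) + 0 == port + 0
        if (match(extra, /dpts:[0-9]+:[0-9]+/)) {
            split(substr(extra, RSTART + 5, RLENGTH - 5), r, ":")
            return port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0
        }
        if (match(extra, /dports [0-9,:]+/)) {
            n = split(substr(extra, RSTART + 7, RLENGTH - 7), m, ",")
            for (i = 1; i <= n; i++) {
                if (split(m[i], r, ":") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
                } else if (m[i] + 0 == port + 0) return 1
            }
        }
        return 0
    }
    # Columns: pkts bytes target prot opt in out source destination [matches]
    $3 == "ACCEPT" && ($4 == "tcp" || $4 == "all") && ($6 == ifc || $6 == "*") {
        extra = ""
        for (k = 10; k <= NF; k++) extra = extra " " $k
        if (!covers(extra)) next
        if ($6 == ifc) { best = "iface " $8; exit }
        if (best == "") best = "any " $8
    }
    END { print (best == "" ? "none" : best) }
    '
}

# Constructed sample listing (not captured from a real box). Assumed device
# names: br0 = GREEN, eth1 = RED.
SAMPLE='Chain INPUTFW (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   180 ACCEPT     tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
   12   720 ACCEPT     tcp  --  *      *       203.0.113.10         0.0.0.0/0           multiport dports 10443,80,22'

printf '%s\n' "$SAMPLE" | inputfw_match eth1 10443   # any 203.0.113.10
```

On the firewall itself, pipe the live listing in instead of the sample, substituting the box's actual RED device name. An "any" result whose source is 0.0.0.0/0 means the port is open on every zone, not just RED.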