Author Topic: Firewall issues  (Read 3558 times)

mkbrown69

Firewall issues
« on: November 12, 2012, 04:27:36 am »
Good day folks!

I'm having some issues with the stock firewall settings (I added the "domain" TCP/UDP 53 ones via the LMCE firewall page to play with it).  Lots of packet denied messages, including localhost.

Code:
[1062546.521689] IPv4 packet denied: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=39621 DF PROTO=TCP SPT=47142 DPT=3450 WINDOW=770 RES=0x00 ACK PSH URGP=0

[1062570.285733] IPv4 packet denied: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:a8:7f:eb:08:00 SRC=192.168.80.245 DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=14050 PROTO=UDP SPT=52330 DPT=52330 LEN=48

[1062522.277283] IPv4 packet denied: IN=eth1 OUT= MAC=54:52:00:6a:5b:4b:00:0c:29:b5:fd:73:08:00 SRC=192.168.80.4 DST=192.168.80.1 LEN=136 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=703 DPT=2049 LEN=116

Interfaces are correct, eth0 is outside, eth1 is inside (LMCE network).

Code:
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            limit: avg 5/min burst
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISH
ACCEPT     all  --  anywhere             anywhere            mark match 0x1
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     all  --  192.168.80.0/24      anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Any ideas why localhost and the internal network are denying so many packets?

Code:
dcerouter_1021496:/var/log# cat syslog | grep "IPv4 packet denied" |wc -l
6283
dcerouter_1021496:/var/log# cat syslog | grep "IPv4 packet denied" |grep 127.0.0.1 |wc -l
2776
dcerouter_1021496:/var/log# cat syslog | grep "IPv4 packet denied" |grep 192.168.80 |wc -l
3243

Thanks for your time!

/Mike

P.S. Disabling the firewall via the web admin doesn't actually disable or clear the firewall. I had to clear it with iptables -F and iptables -Z.
« Last Edit: November 12, 2012, 05:09:42 am by mkbrown69 »
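
Added example (not part of the original post): a small Python triage script that breaks the "IPv4 packet denied" lines down by inbound interface, source, protocol and destination port, which is finer-grained than the grep counts above. The function names are hypothetical, and the sample input is the three log lines quoted in the post.

```python
import re
from collections import Counter

# Sample input: the three kernel log lines quoted in the post above.
SAMPLE_LOG = """\
[1062546.521689] IPv4 packet denied: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=39621 DF PROTO=TCP SPT=47142 DPT=3450 WINDOW=770 RES=0x00 ACK PSH URGP=0
[1062570.285733] IPv4 packet denied: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:a8:7f:eb:08:00 SRC=192.168.80.245 DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=14050 PROTO=UDP SPT=52330 DPT=52330 LEN=48
[1062522.277283] IPv4 packet denied: IN=eth1 OUT= MAC=54:52:00:6a:5b:4b:00:0c:29:b5:fd:73:08:00 SRC=192.168.80.4 DST=192.168.80.1 LEN=136 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=703 DPT=2049 LEN=116
"""

PREFIX = "IPv4 packet denied:"          # log prefix as it appears in the post
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_denied(line):
    """Return the netfilter LOG fields of one denied-packet line, or None."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        # LEN occurs twice on UDP lines; keep the first one (the IP length).
        fields.setdefault(key, value)
    # Bare tokens without "=" are IP/TCP flags such as DF, ACK, PSH.
    fields["FLAGS"] = [tok for tok in rest.split() if "=" not in tok]
    return fields


def summarize(lines):
    """Count denied packets per (IN interface, SRC, PROTO, DPT), most frequent first."""
    counts = Counter()
    for line in lines:
        f = parse_denied(line)
        if f is None:
            continue
        key = (f.get("IN") or "-", f.get("SRC", "-"),
               f.get("PROTO", "-"), f.get("DPT", "-"))
        counts[key] += 1
    return counts.most_common()


if __name__ == "__main__":
    # Replace SAMPLE_LOG.splitlines() with open("/var/log/syslog") to run on a real log.
    for (iface, src, proto, dpt), n in summarize(SAMPLE_LOG.splitlines()):
        print(f"{n:6d}  in={iface:5s} src={src:15s} {proto:4s} dpt={dpt}")
```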

WhateverFits

    • Sean Walker
Re: Firewall issues
« Reply #1 on: March 02, 2013, 10:20:16 pm »
Anyone have any information on this? I've been having network problems ever since I re-installed a few weeks ago. So much so that my server has been down for almost the whole time since I didn't have time to figure this out.

_if_

Re: Firewall issues
« Reply #2 on: March 02, 2013, 10:41:17 pm »
Today there showed up a new ticket incl. a patch about firewall issues... that sounds like it may solve your problems...
http://svn.linuxmce.org/trac.cgi/ticket/1697
« Last Edit: March 02, 2013, 10:44:25 pm by _if_ »