Results 1 to 3 of 3
  1. #1
    Master Untangler
    Join Date
    Jul 2008
    Location
    Germany
    Posts
    127

    Default One Client blocked another one not!?

    Hi all,
    I'm having trouble with one client accessing servers behind our Untangle box.

    The port 80 and 443 should go through:(firewall app) Bildschirmfoto 2019-05-24 um 07.43.13.png

    the first example connection from a client IP that is working correctly, example start:
    Code:
    06:49:58.729247 IP (tos 0x0, ttl 55, id 21731, offset 0, flags [DF], proto TCP (6), length 60)
        89.182.77.1zz.29449 > 134.169.1xx.yy.443: Flags [S], cksum 0x478b (correct), seq 2129622721, win 29200, options [mss 1452,sackOK,TS val 1721508386 ecr 0,nop,wscale 7], length 0
    06:49:58.730442 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
        134.169.1xx.yy.443 > 89.182.77.1zz.29449: Flags [S.], cksum 0x9b67 (incorrect -> 0x69cf), seq 2701866853, ack 2129622722, win 28960, options [mss 1460,sackOK,TS val 47842120 ecr 1721508386,nop,wscale 7], length 0
    The second shows the connection of the problematic client:
    Code:
    06:52:34.168528 IP (tos 0x0, ttl 55, id 16465, offset 0, flags [DF], proto TCP (6), length 60)
        95.90.184.1zz.9564 > 134.169.1xx.yy.80: Flags [S], cksum 0x447f (correct), seq 524030372, win 29200, options [mss 1412,sackOK,TS val 665323430 ecr 0,nop,wscale 7], length 0
    06:52:34.168556 IP (tos 0x0, ttl 55, id 46556, offset 0, flags [DF], proto TCP (6), length 60)
        95.90.184.1zz.9574 > 134.169.1xx.yy.443: Flags [S], cksum 0xdcc8 (correct), seq 3002590249, win 29200, options [mss 1412,sackOK,TS val 665323430 ecr 0,nop,wscale 7], length 0
    06:52:34.170039 IP (tos 0x0, ttl 54, id 46556, offset 0, flags [DF], proto TCP (6), length 40)
        134.169.1xx.yy.443 > 95.90.184.1zz.9574: Flags [R.], cksum 0xe5c6 (correct), seq 0, ack 3002590250, win 0, length 0
    06:52:34.170813 IP (tos 0x0, ttl 54, id 16465, offset 0, flags [DF], proto TCP (6), length 40)
        134.169.1xx.yy.80 > 95.90.184.1zz.9564: Flags [R.], cksum 0x4d7d (correct), seq 0, ack 524030373, win 0, length 0
    (tries http and https access both SYN packets receive immediately a RESET)
    Both packet traces are made on the WAN network port.

    How can I find out what is blocking this connections? In the reporting I see only "firewall blocked: false flagged: false"
    Does anybody have an idea? The only way to connect this client IP to the internal network is to add a bypass rule for the client. But since it is a dyn IP it is not possible.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,525

    Default

    There are more modules than just the firewall to check, and yes ingress web sessions will be filtered by Web Filter and the rest, unless you pushed that traffic into a rack that doesn't have much in it. But one must always remember that Untangle applications don't care about direction, only that something is there to scan.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,009

    Default

    The easiest method is to add the client's IP as a condition in reports. Then scan the filtered reports for the information you need.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2