Results 1 to 4 of 4
  1. #1
    Untanglit
    Join Date
    Feb 2021
    Posts
    24

    Default Untangle Sent SYN packet to Internal web server?

    Just saw a log from an internal web server, the local subnet gateway tried to send a syn packet to port 443 on the web server.
    Can anyone clarify if this is normal behavior?

    The firewall address is the .1 and the web server is the .10

    badtraffic.png

    ufwblock.png

    Sorry if the pictures are a bit hard to see.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,574

    Default

    Most likely NAT'ed VPN
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    Feb 2021
    Posts
    24

    Default

    I have no VPN in my network, and NAT is only down outbound, and there is no port forward to that internal web server

  4. #4
    Untanglit
    Join Date
    Feb 2021
    Posts
    24

    Default

    Quote Originally Posted by jcoffin View Post
    Most likely NAT'ed VPN
    I investigated other traffic around the similar time, there was a legitimate login to the web server from another internal interface (down to the same second).

    The only logical explanation for this packet existing is that untangle attempted to NAT the connection initially.

    Again, NO VPN and no port forwarding occurring to this web server.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2