This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange Behavior with Ports and Port Forwarding after 9.408 update

First off, hello to the forums, I'm a Sophos Certified UTM architect and this one has me a bit stymied and I'd love some input.

This is on my personal UTM running as a VM inside a windows server 2012 r2 data center tower

the data center box also hosts a windows based Teamspeak Server, Tixati Torrent Software, my VPN software all of which, which up until the UTM 9.408 update was working properly

IPS is currently turned off

Machines connected to the VPN or on the internal network have no problem connecting to the teamspeak server, however when connecting to the server from the internet the connection times out.

i have defined the service definitions as follows and they are part of defined group teamspeak.

Teamspeak is setup with a DNAT and I've added manual packet filter rules to rule out something wonky with the autogenerated rules

This is what the firewall rule looks like


Here is what the live packet filter logs show when a connection attempt is made

 

 

Any ideas from the guru's?

 





This thread was automatically locked due to age.
Parents
  • I am confused (and this may be the source of your question) why it is associating port 41144 with your NAT rule.  I don't see any reason that it would be associated based on what you have provided.  It appears to be missing from your teamspeak rules, unless you don't have all of them displayed in your screen capture.  It is a TeamSpeak port (TSDNS) and appears to be needed nowadays.

  • 41144 is TSDNS (Teamserver DNS port) it is part of the Teamspeak GroupI apparently didnt have it onscreen when I did the scren cap.  That DNAT is working properly and when I review the client logs it shows the TSDDNS server resolving the data properly

        

     

    it allows a teamspeak request to come in without a port number and automatically configure the client for the correct port. But is only reccomended in environments with multiple teamspeak servers.   It wasnt running on my system when UTM 9.407 was running and the Teamspeak Server was working properly, I set it up after the UTM 9.408 update to see if it would fix anything, but it did not.

  • If it is automatically changing ports, it implies that that functionality is akin to UPnP-type configurations.  I may be misunderstanding what you mean by the correct port, though.  Does it work with that service disabled under 9.408?

Reply Children
  • it doesn't change the ports in the firewall, it modifies the incoming connection request to attempt to use the port defined in the TSDNS ini.

     

    Under v9.408 it does not allow connections from inside the LAN if tsdns is running, lan connections time out, if I disable it, LAN connections work properly.

  • I will have to read a little more about TeamSpeak I think.  Have you ran a sniffer on the client to see what it is seeing?  tcpdump on the firewall at the same time, watch all of the traffic in realtime instead of relying on logs.  I wonder if itis a sessioning issue that the firewall is dropping for some reason.  If you have an official support channel, I would definitely open a ticket with Sophos though.  I know you said this instance was home use, but maybe they would still help out if you approach it from an educational perspective (being certified).

  • Hi, Joshua, and welcome to the UTM Community!

    You said, "Under v9.408 it does not allow connections from inside the LAN if tsdns is running, lan connections time out, if I disable it, LAN connections work properly."  Where are you disabling this?  Why would LAN traffic to your server even transit the UTM?

    What do you mean by "strange behavior" - what are you seeing?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • was working fine under v9.408 prior to updating that UTM Firmware last Monday. Strange Behavior = after firmware update previously open and working D-NAT's for teamspeak have stopped functioning.

    Lan traffic does not transit the UTM, I was troubleshooting with a client on the LAN and As part of my troubleshooting I installed and configured TSDNS which is a server app that tells the client app which listens on port 41144 and tells the client which port to use if it is other than default (I am using default ports). It is launched alongside the Teamspeak server application.  It was not running under v9.407. I found that when TSDNS is running along side Teamspeak, client connections fail and time out. By stopping and quitting the tsdns app Lan Connection to the Teamspeak Server works properly but traffic from the internet is not reaching the teamspeak server, the logs in the teamspeak server support this.





  • I understand now, Joshua.  Try again and see if you find any clues in the Live Logs mentioned in #1 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • looks like I had a bad packet filter rule, was deleting them out one by one to take it back to an automatic PF rule state and collect life logs and my phone suddenly able to connect without an issue.