
The infamous fwrule="60001"

Just performed a new installation of UTM 9. Created network and service definitions; however, access to this resource is being blocked. The firewall is logging the following.

2018:08:31-00:15:27 firewall ulogd[1111]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="00:00:00:00:00" dstmac="00:0e:c0:00:00:00" srcip="some wan IP" dstip="network service host" proto="6" length="60" tos="0x00" prec="0x20" ttl="57" srcport="47439" dstport="4444" tcpflags="SYN"

Are there any specific rules that I need to create to allow all incoming traffic? I've looked through a few articles on the error but could not get it to work.
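The ulogd packet-filter line quoted above is a flat key="value" format, so the drops can be triaged from the log itself. As an added example (not from the original post or from Sophos), the Python below parses such lines, counts fwrule 60001 SYN drops per interface, destination and port, and flags port 4444 as the default WebAdmin port. The sample lines are constructed (RFC 5737 documentation addresses) and `explain_drop` is a hypothetical helper.

```python
import re
from collections import Counter

# UTM 9 ulogd packetfilter lines are key="value" tokens. Typographic quotes are
# tolerated because copy/paste from the WebAdmin log viewer often produces them.
QUOTES = '"\u201c\u201d'
_KV = re.compile(r'(\w+)=[%s]([^%s]*)[%s]' % (QUOTES, QUOTES, QUOTES))

# Constructed sample lines (not real traffic); the second one uses curly quotes.
SAMPLE_LINES = [
    '2018:08:31-00:15:27 firewall ulogd[1111]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="198.51.100.7" dstip="203.0.113.10" proto="6" srcport="47439" dstport="4444" tcpflags="SYN"',
    '2018:08:31-00:15:31 firewall ulogd[1111]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip=\u201c198.51.100.8\u201d dstip="203.0.113.10" proto="6" srcport="51002" dstport="4444" tcpflags="SYN"',
    '2018:08:31-00:16:02 firewall ulogd[1111]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="198.51.100.9" dstip="203.0.113.10" proto="6" srcport="40100" dstport="1223" tcpflags="SYN"',
    '2018:08:31-00:16:05 firewall ulogd[1111]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="1" initf="eth0" srcip="198.51.100.9" dstip="203.0.113.10" proto="6" srcport="40101" dstport="1223" tcpflags="SYN"',
]


def parse_utm_line(line):
    """Return the key/value fields of one UTM packetfilter log line as a dict."""
    fields = dict(_KV.findall(line))
    fields["timestamp"] = line.split(" ", 1)[0]  # leading token is not key=value
    return fields


def dropped_syns_by_port(lines, fwrule="60001"):
    """Count new connections dropped by the given rule, per (initf, dstip, dstport)."""
    counts = Counter()
    for line in lines:
        f = parse_utm_line(line)
        if (f.get("action") == "drop" and f.get("fwrule") == fwrule
                and "SYN" in f.get("tcpflags", "")):
            counts[(f.get("initf"), f.get("dstip"), f.get("dstport"))] += 1
    return counts


def explain_drop(fields):
    """Hypothetical triage hint for a rule-60001 drop, following the thread's advice."""
    if fields.get("dstport") == "4444":
        return "dstport 4444 is the default WebAdmin port; choose another external port"
    return "no DNAT/allow rule matched; create the DNAT rule with 'Automatic firewall rule'"


if __name__ == "__main__":
    for key, n in dropped_syns_by_port(SAMPLE_LINES).items():
        print(key, n, explain_drop({"dstport": key[2]}))
```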



  • Hi Paul,

    what is the goal you want to accomplish?

    For sure you have to create firewall rules for any communication you want to allow.
    All that is not defined is blocked by default.

    The log strip you put in here shows a connection to port 4444.
    This is the default webadmin port for any interface.
    Try another port for your network service host. By the way, did you create a DNAT rule?

    Or try to check the Rulz No.3 by Bob

    Best Regards
    DKKDG

  • Typo on the port number..

    The steps I went through are outlined here - https://fortwayneits.zendesk.com/hc/en-us/articles/235945188-How-to-do-Port-Forward-Translation-for-RDP-in-a-Sophos-UTM-9

    Copied from the link. In a default installation, should this work? My goal is to have an RDP session incoming on port 1223 and connecting to the internal host on port 3389.

    How to do Port Forward Translation for RDP in a Sophos UTM 9

    Step 1: Log into your SOPHOS UTM 9 appliance and go to "Definitions & Users"

    Step 2: Click on "Network Definitions"

    Step 3: Click "New Network Definition..." and create a "Host" for the computer you would like to Remote into by its IP address.

    NOTE: Ensure that the "interface" is set to Internal

    Step 4: Click on "Service Definitions" and add a "New Service Definition..."

    Step 5: Here is where you specify the external Port for your connection

    Step 6: Here is where you specify the internal Port of your connection (Port 3389 is the standard for Microsoft RDP)

    NOTE: Your source Port needs to be the same as the Destination Port of Step 5

    Step 7: Here is where you'll go to create the actual firewall rule. Go to "Network Protection" and click "NAT"

    Step 8: Select "NAT"

    Step 9: Click add "New NAT Rule..." at the top

    Using service: This is the first service rule you created in "Step 5"

    Change the destination to: This is the host you created in "Step 3"

    And the service to: This is the second service rule you created in "Step 6"

    Automatic firewall rule: This automatically creates a firewall rule to allow your RDP connection through

  • Are you sure you would like to have a RDP session open on the internet for everyone to (ab)use?

    Also in step 3 it is recommended to set the interface to internal, while that will work, it might give you a lot of headache later on. It's best to leave the interface blank as default.

    It is NOT RECOMMENDED to NAT to an RDP server from the internet, period! It's just not safe enough when you let everyone in the entire world connect to your RDP machine. Using a different port won't add much security (security through obscurity).

    If you do need an RDP session, then take the extra step and secure it behind a VPN or at the very least restrict the source IPs that are allowed to connect (but prefer the VPN).


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Read this discussion and KB article.

    Port substitution may help, but there are absolutely a lot of bad guys doing password guessing attacks on RDP.