
The infamous fwrule="60001"

Just performed a new installation of UTM 9. Created a network and service definition; however, access to this resource is being blocked. The firewall is logging the following.

2018:08:31-00:15:27 firewall ulogd[1111]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="00:00:00:00:00" dstmac="00:0e:c0:00:00:00" srcip="some wan IP" dstip="network service host" proto="6" length="60" tos="0x00" prec="0x20" ttl="57" srcport="47439" dstport="4444" tcpflags="SYN"

Are there any specific rules that I need to create to allow all incoming traffic? I've looked through a few articles on the error but could not get it to work.



  • Hi Paul and welcome to the UTM Community!

    Instead of looking elsewhere to get good advice, start in this community.  If there's a better explanation of something elsewhere, you will find links here.  In this case, not only is Richards' piece painfully long, it's wrong.

    In the DNAT definition itself, you can use the green + icon to define any new item needed - no need to traipse all around WebAdmin.

    See #5 in Rulz to understand that Richards himself was new to UTM when he created that piece.

    Finally - the error causing your packets to be tossed overboard by the firewall...  Your RDP definition is incorrect - the Source Port should be 1:65535, not 5000.  The packet in your firewall log line didn't qualify because its source port was 47439.  The standard RDP definition should have been used in a NAT rule like:

    Internet -> {1:65535->1243} -> External (Address) : to {network service host} using RDP

    In any case, I think the advice to use remote access is spot on.  If you will have more than one person at a time using RDP remotely, I would use the SSL VPN.  If it will never be more than one, the HTML5 method might be more to your liking.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
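To make the reasoning in Bob's answer concrete for the log line in the question, here is an added example (not code from Sophos or from anyone in this thread). It splits a UTM ulogd packetfilter line into its fields, flags fwrule 60001 as the default drop that fires when no rule matched, and checks the logged packet against a service definition the way the packet filter would: the definition with Source Port 5000 rejects the packet because its source port was 47439, while the corrected 1:65535 definition matches it. The sample line is the one from the post with the redacted addresses replaced by constructed documentation addresses, and the service name and destination port 4444 are assumptions taken from that line rather than the poster's actual WebAdmin objects.

```python
"""Check a UTM 'Packet dropped' ulogd line against a service definition.

Added example for this thread, not Sophos code. The sample line is the
poster's line with redacted fields replaced by constructed values.
"""
import re
from dataclasses import dataclass

# Constructed sample: srcip/dstip use RFC 5737 documentation addresses.
SAMPLE_LOG = (
    '2018:08:31-00:15:27 firewall ulogd[1111]: id="2001" severity="info" '
    'sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" '
    'fwrule="60001" initf="eth0" srcmac="00:00:00:00:00:00" '
    'dstmac="00:0e:c0:00:00:00" srcip="198.51.100.10" dstip="192.0.2.20" '
    'proto="6" length="60" tos="0x00" prec="0x20" ttl="57" '
    'srcport="47439" dstport="4444" tcpflags="SYN"'
)

# Every field after the process name is written as key="value".
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_ulogd_line(line: str) -> dict:
    """Return the key="value" fields of a ulogd packetfilter line as a dict.

    The timestamp precedes the first field, so it is added under 'timestamp'.
    """
    fields = dict(KV_RE.findall(line))
    fields["timestamp"] = line.split(" ", 1)[0]
    return fields


def port_range(spec: str) -> range:
    """Turn a WebAdmin port spec ('5000' or '1:65535') into an inclusive range."""
    lo, _, hi = spec.partition(":")
    return range(int(lo), int(hi or lo) + 1)


@dataclass(frozen=True)
class ServiceDef:
    """A TCP/UDP service definition as entered in WebAdmin (assumed shape)."""
    name: str
    proto: int          # 6 = TCP, 17 = UDP, as ulogd logs it
    source_port: str    # e.g. "1:65535"
    dest_port: str      # e.g. "4444"


def mismatches(svc: ServiceDef, pkt: dict) -> list:
    """List every reason the logged packet would not match the service.

    An empty list means the packet qualifies for a rule using this service.
    """
    reasons = []
    if int(pkt["proto"]) != svc.proto:
        reasons.append(f"proto {pkt['proto']} != {svc.proto}")
    sport, dport = int(pkt["srcport"]), int(pkt["dstport"])
    if sport not in port_range(svc.source_port):
        reasons.append(f"srcport {sport} not in {svc.source_port}")
    if dport not in port_range(svc.dest_port):
        reasons.append(f"dstport {dport} not in {svc.dest_port}")
    return reasons


def is_default_drop(pkt: dict) -> bool:
    """fwrule 60001 is the catch-all drop logged when no rule matched."""
    return pkt.get("action") == "drop" and pkt.get("fwrule") == "60001"


# The definition as the poster had it (source port 5000) and the corrected one.
# Destination port 4444 is taken from the log line; the name is assumed.
WRONG_DEF = ServiceDef("rdp-custom", 6, "5000", "4444")
FIXED_DEF = ServiceDef("rdp-custom", 6, "1:65535", "4444")


if __name__ == "__main__":
    pkt = parse_ulogd_line(SAMPLE_LOG)
    print("default drop (no rule matched):", is_default_drop(pkt))
    for svc in (WRONG_DEF, FIXED_DEF):
        print(f"source port {svc.source_port}:", mismatches(svc, pkt) or "matches")
```

Running it prints that the line is a default drop, that the 5000 definition fails on the source port, and that the 1:65535 definition matches. The same `mismatches` check can be run over a whole ulogd log to find which dropped connections would have been accepted by a candidate definition before changing anything in WebAdmin.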