
Sudden internet connectivity trouble on UTM9 w/ dedicated hardware

I've been running UTM Home for 4+ years and it's been extremely reliable and I am very happy. I am at my wit's end trying to resolve a recent problem which I have researched for several days. I have it running on Supermicro hardware with 2x i210 NICs.

The problem is that browsing appears to be normal for perhaps 20 seconds (maybe cache), and then suddenly, no connections are able to be made. Sometimes it appears to get over the blockage but then the problem resumes shortly afterwards.

Bypassing the UTM and using my ISP gateway works 100%.

What I've noticed:

  • Cannot ping 1.1.1.1 for instance (very odd)
  • WebProtection Log: Many instances of "Connection to server timed out"
  • Excessive connection attempts from a particular IP (which I have since blacklisted by DNATing into a black hole)
  • Ethernet connection to my gateway is consistent (Sophos in DMZ mode)

I've tried the following with no help:

  • Reverting back to configuration from before problems started (though I didn't change anything)
  • Different browser
  • Different computer
  • Change DNS to 1.1.1.1 & 8.8.8.8 (from OpenDNS family filter before)
  • Disabling Web Protection
  • Changing HTTPS filtering from Decrypt to URL only
  • Flushing DNS cache
  • Disabling IPS
  • Confirmed ECN is off
  • Confirmed no other QOS filters enabled


  • Hi  

    I must say you've already tried a lot of things which, unfortunately, did not work. Could you help us with Packetfilter and http logs if you don't mind? Also, try to do a wget for any webpage and see if you're able to make a connection from the SSH. This would help narrow down the search for the issue.

    Regards

    Jaydeep

  • Thanks for your quick response. First thing I did today was SSH into my local fileserver which works. From my fileserver (Ubuntu), I was able to wget several pages, both http and https. Then on my local PC (Windows) I browsed to several websites for about 30 seconds then the blockage started. The SSH connection to my webserver was active, so I tried to wget the same pages and they do NOT work. After several minutes, the HTTP wget did succeed.

    Attached the two logs you requested. I just replaced my public IP with 123.456.789.123.

    The packets from 142.234.39.0/24 are all blocked now. It seemed completely excessive. I've been getting a lot of port-scans recently from various IPs.

    Attachments: packetfilter-2019-08-19_toshare.log.gz, http-2019-08-19_toshare.log.gz

  • Hi and welcome to the UTM Community!

    This sounds more like a hardware issue to me.

    Have you tried replacing the Ethernet cables connected to the UTM's LAN and WAN ports?

    Does ifconfig at the command line indicate any errors on the relevant NICs?  If so, have you tried replacing the NIC with errors?

    Do you have another modem you can try?

    You're just not going to get anyone to dig through an entire log file.  Please show a few relevant lines from each log.

    You should also check the Intrusion Prevention log - see #1 in Rulz (last updated 2019-04-17).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA