Hi community.
I am a home user having problems with DNAT. It was working in previous versions... I am successfully using WAF for web services (HTTPS), but not DNAT. Well, they work as expected when activated, but the next day they are not.
The problem is like this; this is me accessing from outside:
2019:04:17-10:58:53 home ulogd[4923]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62003" initf="ppp1" srcip="myexternalipelsewhere" dstip="myhomeip" proto="6" length="52" tos="0x00" prec="0x20" ttl="123" srcport="10401" dstport="3389" tcpflags="SYN"
2019:04:17-10:58:53 home ulogd[4923]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp1" outitf="eth1.10" srcmac="00:01:2e:6e:b0:09" srcip="myexternalipelsewhere" dstip="mylanip" proto="6" length="52" tos="0x00" prec="0x20" ttl="122" srcport="10401" dstport="3389" tcpflags="SYN"
After I restart the DNAT rule it is like this:
2019:04:17-11:04:10 home ulogd[4923]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62003" initf="ppp1" srcip="myexternalipelsewhere" dstip="myhomeip" proto="6" length="52" tos="0x00" prec="0x20" ttl="123" srcport="10800" dstport="3389" tcpflags="SYN"
I really did only turn off the DNAT and then re-enable it. It works even after a system restart...?? Of course there are country-based drops that are OK:
2019:04:17-11:08:08 home ulogd[4923]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62003" initf="ppp1" srcip="188.246.224.47" dstip="myhomeip" proto="6" length="40" tos="0x08" prec="0x00" ttl="242" srcport="60000" dstport="3389" tcpflags="SYN"
2019:04:17-11:08:08 home ulogd[4923]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="ppp1" outitf="eth1.10" srcmac="00:01:2e:6e:b0:09" srcip="188.246.224.47" dstip="mylanip" proto="6" length="40" tos="0x08" prec="0x00" ttl="241" srcport="60000" dstport="3389" tcpflags="SYN"
WAF for now works as expected. I did have some problems with DynDNS and the WAN interface IP; it was solved with a system reset, I hope it does not rewoke.
Another thing for this version: using WebAdmin, after timeout it does not log out, it just caches objects (just like before initial login) infinitely (using Chrome).
Thank you for any suggestions.
UTM active services:
Firewall is active with 28 rules
Status: Enabled Intrusion Prevention is active with 1660 of 35029 patterns
Status: Enabled Web Filtering is active, 22053 requests served today
Status: Disabled Network Visibility is inactive
Status: Disabled SMTP Proxy is inactive
Status: Enabled POP3 Proxy is active, 0 emails processed, 0 emails blocked
Status: Disabled RED is inactive
Status: Disabled Wireless Protection is inactive
Status: Disabled Endpoint Protection is inactive
Status: Disabled Site-to-Site VPN is inactive
Status: Enabled Remote Access is active with 0 online users
Status: Enabled Web Application Firewall is active, 36 requests served today
Status: Disabled Sophos UTM Manager is not configured
Status: Disabled Sophos Mobile Control is inactive
Status: Disabled HA/Cluster is inactive
Status: Enabled Antivirus is active for protocols HTTP/S, POP3
Status: Enabled Antispam is active for protocols POP3
Status: Enabled Antispyware is active
Ahoj Nejc and welcome to the UTM Community!
It's very rare, but sometimes an Up2Date will "break" something in the configuration. The easiest fix is to restore the backup made just before applying the last group of Up2Dates. If you try that and still have issues, try rebooting three times. If you still experience the same problem, try deleting the DNAT and creating a new one. If that doesn't work, copy several backups off the UTM, re-image from ISO and restore from backup. Did any of that work for you?
Cheers - Bob
Hi Bob and thank you for suggestions...
I tried restoring config, rebooting, recreating the NAT rule... nothing works. :/ I do not like to re-image...
The interesting thing is that none of the NAT rules work; if I restart one rule (disable and re-enable...) then all start to work. ??
What you're experiencing is very unusual - I don't recall seeing anyone else report this since I joined 12+ years ago.
If you can tie down the time that the DNAT stops working every day, you could build a cron job to disable/enable it every day.
To get a list of the REF_ for your NAT rules, do the following as root:
cc get_objects packetfilter nat | grep \'ref
One of the lines might look like 'ref' => 'REF_PacNatRdpFromAny'. Below is the line you would use to toggle that rule off/on at 4AM daily:
0 4 * * * root /usr/local/bin/confd-client.plx change_object 'REF_PacNatRdpFromAny' status 0 ; /usr/local/bin/confd-client.plx change_object 'REF_PacNatRdpFromAny' status 1
I would first add that to /etc/crontab-static and then to /etc/crontab. In that way, your cron job will be retained even if something is done to cause the configuration daemon to rebuild crontab.
Any luck with that?
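A way to tell from the packet filter log whether the DNAT has silently stopped working, so that Bob's scheduled toggle only runs when the symptom Nejc posted is actually present, rather than blindly at 4AM. This is an added example, not code from the thread or from Sophos. It assumes the pattern visible in Nejc's first post: a working DNAT leaves only a "Packet logged" line from rule 62003, while a broken one shows the same SYN (same source address and port, same second) dropped moments later by rule 60002 on its way to the LAN host; rule 60002 is assumed to be the default drop rule, and GEOIP drops (rule 60019) are expected and ignored. The sample lines are constructed to match the posted format, with documentation-range addresses in place of real ones; on a UTM you would feed it the real packet filter log (assumed path: /var/log/packetfilter.log) instead of the sample.

```shell
#!/bin/sh
# Added example (not from the thread): detect the "DNAT forwarded, then dropped" symptom
# in ulogd packet-filter lines. Rule numbers 62003 / 60002 / 60019 are the ones that
# appeared in the posted logs; treating 60002 as the default drop rule is an assumption.

# Constructed sample in the posted format (placeholder addresses, not real hosts).
SAMPLE_LOG='2019:04:17-10:58:53 home ulogd[4923]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62003" initf="ppp1" srcip="203.0.113.5" dstip="198.51.100.10" proto="6" length="52" srcport="10401" dstport="3389" tcpflags="SYN"
2019:04:17-10:58:53 home ulogd[4923]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp1" outitf="eth1.10" srcip="203.0.113.5" dstip="192.0.2.20" proto="6" length="52" srcport="10401" dstport="3389" tcpflags="SYN"
2019:04:17-11:04:10 home ulogd[4923]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62003" initf="ppp1" srcip="203.0.113.5" dstip="198.51.100.10" proto="6" length="52" srcport="10800" dstport="3389" tcpflags="SYN"
2019:04:17-11:08:08 home ulogd[4923]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62003" initf="ppp1" srcip="203.0.113.77" dstip="198.51.100.10" proto="6" length="40" srcport="60000" dstport="3389" tcpflags="SYN"
2019:04:17-11:08:08 home ulogd[4923]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="ppp1" outitf="eth1.10" srcip="203.0.113.77" dstip="192.0.2.20" proto="6" length="40" srcport="60000" dstport="3389" tcpflags="SYN"'

# count_default_drops PORT   (log lines on stdin)
# Prints how many SYNs to PORT were first logged by the DNAT rule (62003) and then
# dropped by rule 60002 from the same source address/port within the same second.
count_default_drops() {
    awk -v port="$1" '
        # value of key="..." in the line, or "" if the key is absent
        function field(line, key,    re, m) {
            re = key "=\"[^\"]*\""
            if (!match(line, re)) return ""
            m = substr(line, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", m); sub(/"$/, "", m)
            return m
        }
        # only new connections to the forwarded port are of interest
        field($0, "dstport") != port || field($0, "tcpflags") != "SYN" { next }
        {
            key = $1 SUBSEP field($0, "srcip") SUBSEP field($0, "srcport")
            fw  = field($0, "fwrule")
            if (fw == "62003") seen[key] = 1                 # DNAT rule accepted it
            else if (fw == "60002" && (key in seen)) drops++  # ...then default drop ate it
        }
        END { print drops + 0 }'
}

# dnat_looks_broken PORT   (log lines on stdin)
# Exit status 0 when at least one accepted-then-dropped SYN was seen, 1 otherwise.
dnat_looks_broken() {
    [ "$(count_default_drops "$1")" -gt 0 ]
}

# Stand-alone run over the constructed sample. On the UTM you would replace the printf
# with e.g. tail of the packet filter log, and only then run Bob's confd-client toggle.
if printf '%s\n' "$SAMPLE_LOG" | dnat_looks_broken 3389; then
    echo "DNAT to port 3389 looks broken: forwarded SYNs are hitting the drop rule"
else
    echo "DNAT to port 3389 looks fine"
fi
```

Keying on timestamp plus source address and port is what separates the real symptom from unrelated traffic: a GEOIP drop or a scan against a port with no DNAT never produces the 62003 "logged" line first, so it is not counted.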