I have set up a firewall rule to allow communication from a host on my network to communicate out on UDP ports 16800:16820. I do not have any other rule blocking that port, though the firewall is still dropping those packets. Any ideas on what I am doing wrong and how to correct it? Please see the firewall log example below:
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="00:01:2e:65:33:33" srcip="192.168.1.70" dstip="34.199.17.123" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="16820" dstport="21940"
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x11a7" app="423" srcmac="xx:xx:xx:xx:xx:xx" dstmac="d0:37:45:4a:d2:6b" srcip="34.199.17.123" dstip="12.34.56.789" proto="17" length="200" tos="0x00" prec="0x00" ttl="50" srcport="21940" dstport="16820"
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="00:01:2e:65:33:33" srcip="192.168.1.70" dstip="34.199.17.123" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="16820" dstport="21940"
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x11a7" app="423" srcmac="xx:xx:xx:xx:xx:xx" dstmac="d0:37:45:4a:d2:6b" srcip="34.199.17.123" dstip="12.34.56.789" proto="17" length="200" tos="0x00" prec="0x00" ttl="50" srcport="21940" dstport="16820"
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="00:01:2e:65:33:33" srcip="192.168.1.70" dstip="34.199.17.123" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="16820" dstport="21940"
Thanks!
Can you screenshot/snip tool your Firewall rule and post it here? Obfuscate anything important, but I'd like to see how your rule is set up in the GUI.
UTM - 9.713-19 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SATA HDD | GB Ethernet x5
Hi Aren,
It doesn't appear that dstport="21940" is allowed by that rule.
Cheers - Bob
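The check described in the reply above, as an added example that is not part of the original thread: it parses the `key="value"` fields of the drop entries and reports which field fails to match an allow rule. The rule definition is an assumption (the thread never shows it): UDP from 192.168.1.70 to destination ports 16800-16820. The sample lines are abridged from the log in the question, and the function names are hypothetical.

```python
import re

# Constructed sample: two entries abridged from the log quoted in the question.
SAMPLE_LOG = """\
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcip="192.168.1.70" dstip="34.199.17.123" proto="17" srcport="16820" dstport="21940"
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="34.199.17.123" dstip="12.34.56.789" proto="17" srcport="21940" dstport="16820"
"""

# Assumed rule (not shown in the thread): UDP from the host to destination ports 16800-16820.
RULE = {"srcip": "192.168.1.70", "proto": "17", "dports": range(16800, 16821)}

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_entry(line):
    """Return the key="value" fields of one packetfilter log line as a dict."""
    return dict(FIELD_RE.findall(line))


def explain_drop(entry, rule):
    """List the reasons a logged packet does not match the allow rule."""
    reasons = []
    if entry.get("srcip") != rule["srcip"]:
        reasons.append(f'srcip {entry.get("srcip")} is not the rule source')
    if entry.get("proto") != rule["proto"]:
        reasons.append(f'proto {entry.get("proto")} is not {rule["proto"]}')
    sport, dport = int(entry["srcport"]), int(entry["dstport"])
    if dport not in rule["dports"]:
        note = f"dstport {dport} is outside {rule['dports'].start}-{rule['dports'].stop - 1}"
        if sport in rule["dports"]:
            # The expected range shows up on the source side of the packet.
            note += f" (srcport {sport} is inside it, but the rule matches the destination port)"
        reasons.append(note)
    return reasons


def analyse(log_text, rule=RULE):
    """Parse every drop entry and pair it with its mismatch reasons."""
    results = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry.get("action") == "drop":
            results.append((entry["srcip"], entry["dstport"], explain_drop(entry, rule)))
    return results


if __name__ == "__main__":
    for srcip, dport, reasons in analyse(SAMPLE_LOG):
        print(f"{srcip} -> dport {dport}: " + ("; ".join(reasons) or "matches rule"))
```
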
Oh gosh. You are completely right! How did I miss that? Sorry for missing the simple things, but I appreciate the time.
Thanks, Aren,
That's often why we come here - to get help seeing what we know is not there or seeing that what we know is there is not! ;-)