Strange Behavior with Ports and Port Forwarding after 9.408 update

First off, hello to the forums. I'm a Sophos Certified UTM architect, and this one has me a bit stymied; I'd love some input.

This is on my personal UTM, running as a VM inside a Windows Server 2012 R2 data center tower.

The data center box also hosts a Windows-based TeamSpeak server, Tixati torrent software, and my VPN software, all of which were working properly up until the UTM 9.408 update.

IPS is currently turned off.

Machines connected to the VPN or on the internal network have no problem connecting to the TeamSpeak server; however, when connecting to the server from the internet, the connection times out.

I have defined the service definitions as follows, and they are part of the defined group teamspeak.

TeamSpeak is set up with a DNAT, and I've added manual packet filter rules to rule out something wonky with the autogenerated rules.

This is what the firewall rule looks like


Here is what the live packet filter logs show when a connection attempt is made

Any ideas from the gurus?

 





This thread was automatically locked due to age.
  • I am confused (and this may be the source of your question) why it is associating port 41144 with your NAT rule.  I don't see any reason that it would be associated based on what you have provided.  It appears to be missing from your teamspeak rules, unless you don't have all of them displayed in your screen capture.  It is a TeamSpeak port (TSDNS) and appears to be needed nowadays.

  • 41144 is TSDNS (Teamserver DNS port); it is part of the Teamspeak group. I apparently didn't have it onscreen when I did the screen cap.  That DNAT is working properly, and when I review the client logs it shows the TSDNS server resolving the data properly.

    It allows a TeamSpeak request to come in without a port number and automatically configures the client for the correct port, but it is only recommended in environments with multiple TeamSpeak servers.   It wasn't running on my system when UTM 9.407 was running and the TeamSpeak server was working properly. I set it up after the UTM 9.408 update to see if it would fix anything, but it did not.

  • If it is automatically changing ports, it implies that that functionality is akin to UPnP-type configurations.  I may be misunderstanding what you mean by the correct port, though.  Does it work with that service disabled under 9.408?

  • It doesn't change the ports in the firewall; it modifies the incoming connection request to attempt to use the port defined in the TSDNS ini.

    Under v9.408 it does not allow connections from inside the LAN if TSDNS is running; LAN connections time out. If I disable it, LAN connections work properly.

  • I will have to read a little more about TeamSpeak, I think.  Have you run a sniffer on the client to see what it is seeing?  Run tcpdump on the firewall at the same time and watch all of the traffic in real time instead of relying on logs.  I wonder if it is a sessioning issue that the firewall is dropping for some reason.  If you have an official support channel, I would definitely open a ticket with Sophos, though.  I know you said this instance was home use, but maybe they would still help out if you approach it from an educational perspective (being certified).
