
Can't access router webpage from another network

Good morning everyone,

After a little study I realized that the packet filter rule lets me pass to the modem 192.168.0.1 from the network 192.168.1.0/24.

Now the scenario is: one interface of my Sophos is doing PPPoE while the modem is in bridge mode. On the PPPoE interface I added an extra IP, 192.168.0.2, as I saw in this guide, but I can't reach my modem's webpage. The other day I realized that the web filter in standard mode blocks the webpage, and if I put it in transparent mode I can reach my modem again.

My question is (after reading the manual): what are the priorities in Sophos UTM? Which rule (packet filter, web filter, IPS) comes first? I'm asking because I set a policy that denies traffic from lan2 to lan1, but the policy only partially works: if I use SMB from lan2 to lan1 I'm blocked, and that's right, but if I try to log in to a web server on lan1 from lan2 I can log in without problems, and that's wrong (the policies described are enabled while the web filter is in transparent mode).

I have noticed that if I want to browse with the web filter in standard mode I have to set a masquerading rule for my LANs, while in transparent mode it isn't necessary.

Another thing is that I can't ping my modem's IP address, while I can ping the additional interface address of the Sophos UTM that I made. I realize that now I can't see anything in the web filter log regarding 192.168.0.1, or even in the firewall logs! What's going on? I added another masquerading rule for lan1 to the additional address of my WAN but I don't see anything in the logs.

Can you help me face these problems?

Thanks in advance



This thread was automatically locked due to age.
  • Hi and Welcome to Sophos Community,

    In general, a packet arriving at an interface is handled only by one of the following, in order: the connection tracker (conntrack) first, then Country Blocking, then DNATs, then VPNs, then Proxies (except the SMTP Proxy in Transparent mode which captures traffic forwarded by a DNAT), then manual Routes and manual Firewall rules, which are considered only if the automatic Routes and rules coming before hadn't already handled the traffic and, finally, Applications Control.

    Check if ICMP is allowed through the gateway by navigating to Network Protection > Firewall > ICMP. Also, take a tcpdump and ping the modem's IP address. Check whether the UTM forwards the packet or not.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
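The processing order given in the reply above explains why the lan2-to-lan1 deny rule stopped SMB but not HTTP. The following is an added example, not part of the thread and not Sophos code: a simplified model in which the lan2 subnet, the host addresses, the proxy ports and the default-drop behaviour are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN1 = ip_network("192.168.1.0/24")  # LAN named in the thread
LAN2 = ip_network("192.168.2.0/24")  # constructed; the thread gives no subnet for lan2

@dataclass
class Config:
    proxy_src: list                      # networks the transparent web filter intercepts
    firewall: list                       # (src_net, dst_net, dport or None, action)
    proxy_skip_dst: list = field(default_factory=list)  # transparent-mode destination skip list

def handled_by(cfg, src, dst, proto, dport):
    """Return (stage, verdict) for a new connection, in the order given in the reply."""
    s, d = ip_address(src), ip_address(dst)
    # conntrack, Country Blocking, DNAT and VPN come first; none match in this scenario.
    # Proxies: assumed to pick up TCP 80/443 from proxy_src unless the destination is skipped.
    if (proto == "tcp" and dport in (80, 443)
            and any(s in n for n in cfg.proxy_src)
            and not any(d in n for n in cfg.proxy_skip_dst)):
        return ("web proxy", "allow")    # assumes the web filter policy permits the site
    # Manual firewall rules: first match wins, anything unmatched is dropped (assumed default).
    for src_net, dst_net, port, action in cfg.firewall:
        if s in src_net and d in dst_net and port in (None, dport):
            return ("firewall", action)
    return ("firewall", "drop")

DENY_LAN2_TO_LAN1 = [(LAN2, LAN1, None, "drop")]
BEFORE = Config(proxy_src=[LAN2], firewall=DENY_LAN2_TO_LAN1)
AFTER = Config(proxy_src=[LAN2], firewall=DENY_LAN2_TO_LAN1, proxy_skip_dst=[LAN1])

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        for label, port in (("SMB", 445), ("HTTP", 80)):
            print(name, label, handled_by(cfg, "192.168.2.10", "192.168.1.20", "tcp", port))
```

With the internal network on the transparent-mode skip list, HTTP between the LANs reaches the firewall stage and the deny rule applies to it as it does to SMB.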

  • Thanks for the help. I managed to enable all my LANs for the web filter in transparent mode and exclude them from the same transparent mode; this way my firewall rules work. Regarding the ping question, I managed to disable all except "gateway is ping/traceroute visible" and tried adding a firewall policy with the ping service from one LAN to another, and it works. Now the only thing that I couldn't solve is the access to my modem 192.168.0.1 from my LAN 192.168.1.1. I made firewall rules, excluded the LAN 192.168.0.x from transparent mode web filtering, added static routes, and masquerade from LAN 192.168.1.x to the additional WAN interface 192.168.0.1, but it doesn't work. What am I missing? Web access to my modem worked when I had the web filter in standard mode, and I can see that the firewall rule lets me pass (as the live log says), but I can't ping the modem and I can't see the web interface. Any advice?

    Thanks
