
Can't access router webpage from another network

Good morning everyone,

After a little study I realized that the packet filter rule lets me pass to the modem 192.168.0.1 from the network 192.168.1.0/24.

Now the scenario is: one interface of my Sophos is doing PPPoE while the modem is in bridge mode; on the PPPoE interface I added an extra IP, 192.168.0.2, as I saw in this guide, but I can't reach my modem webpage. Last day I realized that the web filter in standard mode blocks the webpage, and if I put it in transparent mode I can reach my modem again.

My question is (after reading the manual): what are the priorities in Sophos UTM? Which rule (packet filter, web filter, IPS) comes first? I'm asking this because I set a policy that denies traffic from LAN2 to LAN1, but the policy only partially works: if I use SMB from LAN2 to LAN1 I'm blocked, and that's right, but if I try to log in to a web server on LAN1 from LAN2 I can log in without problems, and that's wrong (the policies described are enabled while the web filter is in transparent mode).

I have noticed that if I want to browse with the web filter in standard mode I have to set a masquerading rule for my LANs, while in transparent mode it isn't necessary.

Another thing is that I can't ping my modem IP address, while I can ping the additional interface of the Sophos UTM that I made. I realize that now I can't see anything in the web filter log regarding 192.168.0.1, or even in the firewall logs! What's going on? I added another masquerading rule for LAN1 to the additional address of my WAN, but I don't see anything in the logs.

Can you help me face these problems?

Thanks in advance



This thread was automatically locked due to age.
  • Hi,

    Remove the static route and simply create firewall rules for two-way communication:

    1. Lan 1.0 > Modem 0.1

    2. Modem > Lan

    Post a screenshot of the masquerading rule. Also, take a tcpdump capture and verify whether the packet is forwarded towards the modem via the UTM and whether the modem responds to it.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • I'm late, sorry...

    I have all the requested info:

    Here's the tcpdump:

    sophos:/home/login # tcpdump host 192.168.0.1
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    20:13:01.672362 IP 192.168.1.10 > 192.168.0.1: ICMP echo request, id 1, seq 168, length 40
    20:13:06.215284 IP 192.168.1.10 > 192.168.0.1: ICMP echo request, id 1, seq 169, length 40
    20:13:11.568305 IP 192.168.1.10 > 192.168.0.1: ICMP echo request, id 1, seq 171, length 40
    20:13:16.224576 IP 192.168.1.10 > 192.168.0.1: ICMP echo request, id 1, seq 172, length 40
    20:13:21.218217 IP 192.168.1.10 > 192.168.0.1: ICMP echo request, id 1, seq 173, length 40
    20:13:33.694955 IP 192.168.1.10.phonex-port > 192.168.0.1.http: Flags [S], seq 744988344, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:13:33.945563 IP 192.168.1.10.h2gf-w-2m > 192.168.0.1.http: Flags [S], seq 1957812283, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:13:36.706038 IP 192.168.1.10.phonex-port > 192.168.0.1.http: Flags [S], seq 744988344, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:13:36.953402 IP 192.168.1.10.h2gf-w-2m > 192.168.0.1.http: Flags [S], seq 1957812283, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:13:42.721119 IP 192.168.1.10.phonex-port > 192.168.0.1.http: Flags [S], seq 744988344, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    20:13:42.968652 IP 192.168.1.10.h2gf-w-2m > 192.168.0.1.http: Flags [S], seq 1957812283, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    20:13:54.859339 IP 192.168.1.10.bmcpatrolrnvu > 192.168.0.1.http: Flags [S], seq 769053352, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:13:57.865902 IP 192.168.1.10.bmcpatrolrnvu > 192.168.0.1.http: Flags [S], seq 769053352, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:13:59.981031 IP 192.168.1.10.cops-tls > 192.168.0.1.http: Flags [S], seq 2331851406, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:14:02.984682 IP 192.168.1.10.cops-tls > 192.168.0.1.http: Flags [S], seq 2331851406, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:14:03.871064 IP 192.168.1.10.bmcpatrolrnvu > 192.168.0.1.http: Flags [S], seq 769053352, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    20:14:08.999703 IP 192.168.1.10.cops-tls > 192.168.0.1.http: Flags [S], seq 2331851406, win 8192, options [mss 1460,nop,nop,sackOK], length 0

    And the other things that you requested:

    http://i63.tinypic.com/34o946c.png

    http://i67.tinypic.com/2i1jk8g.png

    http://i67.tinypic.com/2z908r7.png

    Of course I tried to remove the static route and add the firewall rules, but nothing. I don't understand.

    Thank you
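
An added example, not part of the original posts: a short Python script that reads tcpdump text output like the capture above and reports whether 192.168.0.1 ever answers, and how many TCP SYNs are retransmissions of the same attempt. The six sample lines are copied from the posted capture; the function name `summarize` and the verdict strings are made up for this illustration.

```python
import re

# Six lines copied from the capture posted in this thread.
CAPTURE = """\
20:13:01.672362 IP 192.168.1.10 > 192.168.0.1: ICMP echo request, id 1, seq 168, length 40
20:13:06.215284 IP 192.168.1.10 > 192.168.0.1: ICMP echo request, id 1, seq 169, length 40
20:13:33.694955 IP 192.168.1.10.phonex-port > 192.168.0.1.http: Flags [S], seq 744988344, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:13:36.706038 IP 192.168.1.10.phonex-port > 192.168.0.1.http: Flags [S], seq 744988344, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:13:42.721119 IP 192.168.1.10.phonex-port > 192.168.0.1.http: Flags [S], seq 744988344, win 8192, options [mss 1460,nop,nop,sackOK], length 0
20:13:54.859339 IP 192.168.1.10.bmcpatrolrnvu > 192.168.0.1.http: Flags [S], seq 769053352, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
"""

# "<time> IP <src>[.<port>] > <dst>[.<port>]: <rest>"
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)(?:\.(\S+))? > "
                  r"(\d+\.\d+\.\d+\.\d+)(?:\.(\S+))?: (.*)$")
SYN = re.compile(r"Flags \[S\], seq (\d+)")


def summarize(text, target):
    """Count traffic to and from `target` in tcpdump text output."""
    stats = {"to_target": 0, "from_target": 0, "echo_requests": 0}
    syns = {}  # (source port, initial sequence number) -> times seen
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banner or blank line
        src, sport, dst, _dport, rest = m.groups()
        if src == target:
            stats["from_target"] += 1      # any packet sent by the target
        elif dst == target:
            stats["to_target"] += 1
            if "ICMP echo request" in rest:
                stats["echo_requests"] += 1
            syn = SYN.search(rest)
            if syn:
                key = (sport, syn.group(1))
                syns[key] = syns.get(key, 0) + 1
    stats["syn_attempts"] = len(syns)      # distinct connection attempts
    stats["syn_retransmits"] = sum(n - 1 for n in syns.values())
    verdict = "response-seen" if stats["from_target"] else "no-response-seen"
    return stats, verdict


if __name__ == "__main__":
    print(summarize(CAPTURE, "192.168.0.1"))
```

The posted capture was taken on eth0 only; running the same check against a capture from the modem-facing interface shows whether the UTM forwards the requests at all.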
