Some things go wrong but i don't understand the problem

hello,

I've got an interesting problem which I do not understand. I've been using fwbuilder for a lot of years now and there is one thing that I've been facing with, but now it breaks my network, so I must ask you all 'cause I do not understand the problem.

I've configured 4 networks:

1. wan
2. dmz
3. lan
4. secure

Those networks are connected together using one single Linux system on which the fwbuilder script is being used. In the dmz there is the web server (surprise, surprise... ;) and here is the problem. Running the following command from a server in the lan network:

    wget www.mynetwork.local

causes the following error to be logged at the firewall:

    passing_dmz2lan IN=eth3 OUT=eth1 SRC=172.22.40.100 DST=192.168.115.101 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23517 DF PROTO=TCP SPT=37058 DPT=2020 SEQ=4249223951 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A014E58D20000000001030306)

This log entry is repeated several times. The wget command takes some seconds and finally downloads the index.html from the webserver. On my Popcorn Hour (multimedia tank) the problem is even worse. There I cannot consume the multimedia application running on the dmz webserver at all. The problem seems to be the same, as the log entries look the same way:

    passing_dmz2lan IN=eth3 OUT=eth1 SRC=172.22.40.100 DST=192.168.115.105 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=6974 DF PROTO=TCP SPT=60756 DPT=2020 SEQ=2428079454 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A014E96600000000001030306)

From my point of view, very interesting is the fact that the communication is being blocked from the webserver back to the media tank. Using a browser, e.g. Firefox, the web application can be accessed as expected and no errors appear in the logs of the firewall.

Has anyone an idea what's the problem here?

greez,

dialsc
Re: Some things go wrong but i don't understand the problem

On Sat, Aug 01, 2009 at 03:08:52PM -0700, dialsc wrote:

> passing_dmz2lan IN=eth3 OUT=eth1 SRC=172.22.40.100 DST=192.168.115.101
> LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23517 DF PROTO=TCP SPT=37058 DPT=2020
> SEQ=4249223951 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
> (020405B40402080A014E58D20000000001030306)

Any idea what's on port 2020? Do you have a rule accepting TCP traffic to port 2020?

When you use wget, is it in recursive mode, where it also gets pages referred to from the starting page? Are some of those pages specified as being served from port 2020?

> passing_dmz2lan IN=eth3 OUT=eth1 SRC=172.22.40.100 DST=192.168.115.105
> LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=6974 DF PROTO=TCP SPT=60756 DPT=2020
> SEQ=2428079454 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
> (020405B40402080A014E96600000000001030306)
>
> from my point of view very interesting is the fact that the communication is
> being blocked from the webserver back to the media tank.

Again, you've got port 2020 as the destination. That's not a normal webserver port. But any port can be used. The firewall needs to allow it though.

Whit

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Fwbuilder-discussion mailing list
Fwbuilder-discussion@...
https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
Re: Some things go wrong but i don't understand the problem

On Aug 1, 2009, at 3:08 PM, dialsc wrote:

> hello,
>
> i've got an interesting problem which i do not understand. i've been using
> fwbuilder for a lot of years now and there is one thing that i've been
> facing with but now it breaks my network so i must ask you all 'cause i do
> not understand the problem.
>
> i've configured 4 networks:
>
> 1. wan
> 2. dmz
> 3. lan
> 4. secure

What IP addresses and netmasks are used on all these 4 networks? Do you use NAT in this setup? Do you have a rule to permit connections from network "lan" to network "dmz"?

> in the dmz there is the web server (surprise, surprise... ;) and here is the
> problem. running the following command from a server in the lan network:
>
> wget www.mynetwork.local
>
> causes the following error being logged at the firewall:
>
> passing_dmz2lan IN=eth3 OUT=eth1 SRC=172.22.40.100 DST=192.168.115.101
> LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23517 DF PROTO=TCP SPT=37058 DPT=2020
> SEQ=4249223951 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
> (020405B40402080A014E58D20000000001030306)

This is TCP port 2020; it is not what wget uses to connect to the web server. This blocked connection is something else.

To check if the problem might be with DNS, try

    wget <ip_address_of_the_web_server>

See if this comes back with no delay.

I don't know how Popcorn Hour works so can't comment there.

--vk

> this log entry is repeated several times. the wget command takes some
> seconds and finally downloads the index.html from the webserver. on my
> popcorn hour (multimedia tank) the problem is even worse. there i cannot
> consume the multimedia application running on the dmz webserver at all. the
> problem seems to be the same as the log entries are looking the same way:
>
> passing_dmz2lan IN=eth3 OUT=eth1 SRC=172.22.40.100 DST=192.168.115.105
> LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=6974 DF PROTO=TCP SPT=60756 DPT=2020
> SEQ=2428079454 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
> (020405B40402080A014E96600000000001030306)
>
> from my point of view very interesting is the fact that the communication is
> being blocked from the webserver back to the media tank.
>
> using a browser, e.g. firefox, the webapplication can be accessed as
> expected and no errors appear in the logs of the firewall.
>
> has anyone an idea what's the problem here?
>
> greez,
>
> dialsc

Vadim Kurland
vadim@...
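Both replies come down to the same check: read the DPT field of the logged SYNs and ask whether the firewall has an accept rule for that port. The script below is an added example (not from the thread or the fwbuilder project) that parses netfilter LOG lines in the exact format quoted above, counts logged packets per log prefix and destination port, and lists new-connection SYNs to ports outside an assumed allow list; the two sample lines are constructed to mirror the thread's entries, and the allow list {80, 443} is an assumption for illustration.

```python
import re
from collections import Counter

# Constructed sample input: two lines in the shape the thread quotes from the
# firewall log (same fields and values, embedded here so the script runs offline).
SAMPLE_LOG = """\
passing_dmz2lan IN=eth3 OUT=eth1 SRC=172.22.40.100 DST=192.168.115.101 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23517 DF PROTO=TCP SPT=37058 DPT=2020 SEQ=4249223951 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A014E58D20000000001030306)
passing_dmz2lan IN=eth3 OUT=eth1 SRC=172.22.40.100 DST=192.168.115.105 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=6974 DF PROTO=TCP SPT=60756 DPT=2020 SEQ=2428079454 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A014E96600000000001030306)
"""

KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Split one netfilter LOG line into its --log-prefix, KEY=VALUE fields and bare flags."""
    prefix, sep, rest = line.partition(" IN=")
    if not sep:
        return None  # not a netfilter LOG line
    rest = "IN=" + rest
    fields = dict(KV_RE.findall(rest))
    # Tokens without '=' are header flags (DF, SYN, ACK, ...); "ACK=0" is the ack
    # number, not the flag. The OPT token and its hex bytes are dropped.
    flags = {t for t in rest.split() if "=" not in t and t != "OPT" and not t.startswith("(")}
    return {"prefix": prefix.strip(), "fields": fields, "flags": flags}

def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def summarize(text):
    """Count logged packets per (log prefix, protocol, destination port)."""
    counts = Counter()
    for e in parse_log(text):
        f = e["fields"]
        if "DPT" in f:
            counts[(e["prefix"], f.get("PROTO"), int(f["DPT"]))] += 1
    return counts

def unexpected_syns(text, allowed_ports):
    """New TCP connection attempts (SYN set, ACK clear) to ports not on the allow list."""
    hits = []
    for e in parse_log(text):
        f, flags = e["fields"], e["flags"]
        if f.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
            continue
        dpt = int(f["DPT"])
        if dpt not in allowed_ports:
            hits.append((e["prefix"], f["SRC"], f["DST"], dpt))
    return hits

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(key, n)
    for hit in unexpected_syns(SAMPLE_LOG, {80, 443}):  # assumed allow list
        print("SYN to non-allowed port:", hit)
```

Run against a real kernel log, each hit tells you which source, destination and port still needs either an explicit accept rule in the fwbuilder policy or an explanation of what is opening that port.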