Hi,
I have a client that wants to use RRAS dial in to get a remote computer logged onto workgroup (not a domain) both machines XP pro. Remote machine is dialing into WG machine (6.1) with one NIC to router. We set up and authentication is OK but what I see in WG NAT log puzzles me.
11/23/05 09:15:00 Authorisation failure: NAT STATUS: spoofed packet discarded: IGMP src 10.0.0.3:0 dst 224.0.0.22:0
11/23/05 09:15:00 Authorisation failure: NAT STATUS: firewall block: UDP src 10.0.0.3:68 dst 255.255.255.255:67
11/23/05 09:15:00 Debug: Sent route table with 6 entries, return status 0
11/23/05 09:15:05 Authorisation failure: NAT STATUS: firewall allow: UDP src 10.0.0.3:68 dst 255.255.255.255:67
10.0.0.3 is remote machine. I was seeing in GateKeeper blocked actions against 10.0.0.3 so I modified in ENS LAN connection to WG PC to allow port 68 UDP. So it looks like it is now being blocked then 5 secs. later it is not. Do I need to care?
Anyone shed any light? Inquiring minds want to know.
Puzzling firewall log
Moderator: Qbik Staff
7 posts
• Page 1 of 1
by ChrisH » Nov 24 05 1:05 pm
Genie,
Thanks for prompt reply.
Hmm - really? The source IP is Local (remote clients' IP). Isn't WG sending these items to client machine and it responds back when it is connecting to network? To me it looks like WG firewall is blocking the remote machine on an interface it considers internal. Should it be?
Thanks for prompt reply.
genie wrote:These packets were sent by your ISP (group member registration, IP address allocation, etc.).
Hmm - really? The source IP is Local (remote clients' IP). Isn't WG sending these items to client machine and it responds back when it is connecting to network? To me it looks like WG firewall is blocking the remote machine on an interface it considers internal. Should it be?
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
by adrien » Nov 24 05 5:11 pm
Hi
There are 2 cases where we report spoofed packets.
1. The packet comes in on an external interface, with a private source IP, and non-private destination IP.
2. The packet has a source IP that corresponds with an IP address of the WinGate machine.
So WinGate must be deeming the interface to be external.
Adrien
There are 2 cases where we report spoofed packets.
1. The packet comes in on an external interface, with a private source IP, and non-private destination IP.
2. The packet has a source IP that corresponds with an IP address of the WinGate machine.
So WinGate must be deeming the interface to be external.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by ChrisH » Nov 25 05 1:47 am
Thanks for that Adrien.
I wonder if perhaps there is a timing issue here. Under the network tab in GateKeeper the incoming connection is deemed internal but I'm assuming that is after connection is made. What about during the negotiation phase? Because this is a dynamic connection WG only sees it when the client/host has established communication-right? This blocking from what I can see would continue if I hadn't opened a hole for port 68 UDP under LAN connection to WG PC . So I'm thinking WG must believe that something is external but on an internal connection - is that possible? I haven't much coffee in my bloodstream at this point yet so my logic maybe flawed:)
I wonder if perhaps there is a timing issue here. Under the network tab in GateKeeper the incoming connection is deemed internal but I'm assuming that is after connection is made. What about during the negotiation phase? Because this is a dynamic connection WG only sees it when the client/host has established communication-right? This blocking from what I can see would continue if I hadn't opened a hole for port 68 UDP under LAN connection to WG PC . So I'm thinking WG must believe that something is external but on an internal connection - is that possible? I haven't much coffee in my bloodstream at this point yet so my logic maybe flawed:)
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
by adrien » Nov 25 05 9:41 am
Hi Chris
The port 68/67 one is DHCP-related.
Can you manually set that dialer profile to be deemed internal? If it is automatic, it may default first to external, then change over when the IP address is assigned to the interface.
Adrien
The port 68/67 one is DHCP-related.
Can you manually set that dialer profile to be deemed internal? If it is automatic, it may default first to external, then change over when the IP address is assigned to the interface.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by ChrisH » Nov 25 05 2:15 pm
Adrien
That's it in a nutshell. Incoming connections in XP is really not a dialer profile. XP is just facilitating a remote dial in user to get onto the LAN. So I can't set in GAtekeeper anything to do with incoming connections until one is established and then it shows it as internal -which is correct. Thanks for your insight.
That's it in a nutshell. Incoming connections in XP is really not a dialer profile. XP is just facilitating a remote dial in user to get onto the LAN. So I can't set in GAtekeeper anything to do with incoming connections until one is established and then it shows it as internal -which is correct. Thanks for your insight.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 11 guests