Hi,

 

A few weeks ago, I did an upgrade of my EFW (stable release 2.2) using the
efw-upgrade script

Since then, I lost my "external access":

- I'm no longer able to connect with openvpn client
- I'm no longer able to access the GUI from external

 

I've removed/turned off almost all my custom rules for external access, port
forwarding etc.

I turned off IDS (snort) completely

 

The external access rules I've left are :

 

1    <ANY>    RED    TCP/10443       ALLOW
2    <ANY>    RED    TCP+UDP/1194    ALLOW

 

 

When I check tcpdump and the firewall log on the efw box, I still see
the attempts of my openvpn client coming in, but being dropped (see below)

 

 

 

Any ideas? 

 

L.

 

 

 

 

An extract:

 

20:52:19.118946 IP (tos 0x0, ttl 128, id 16777, offset 0, flags [none],
proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp >
111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14

20:52:21.301571 IP (tos 0x0, ttl 128, id 16778, offset 0, flags [none],
proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp >
111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14

20:52:23.584632 IP (tos 0x0, ttl 128, id 16779, offset 0, flags [none],
proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp >
111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14

20:52:25.126910 IP (tos 0x0, ttl 128, id 16780, offset 0, flags [none],
proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp >
111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14

20:52:28.471805 IP (tos 0x0, ttl 128, id 16781, offset 0, flags [none],
proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp >
111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14

20:52:29.664552 IP (tos 0x0, ttl 128, id 16782, offset 0, flags [none],
proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp >
111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14

20:52:31.996581 IP (tos 0x0, ttl 128, id 16785, offset 0, flags [none],
proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp >
111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14

20:52:34.319867 IP (tos 0x0, ttl 128, id 16788, offset 0, flags [none],
proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp >
111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14

 

Oct 18 20:52:08 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT=
MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123
DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16759 PROTO=KEY_UDP
SPT=1675 DPT=1194 LEN=22 

Oct 18 20:52:20 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT=
MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123
DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16777 PROTO=KEY_UDP
SPT=1675 DPT=1194 LEN=22 

Oct 18 20:52:26 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT=
MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123
DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16780 PROTO=KEY_UDP
SPT=1675 DPT=1194 LEN=22 

Oct 18 20:52:32 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT=
MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123
DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16785 PROTO=KEY_UDP
SPT=1675 DPT=1194 LEN=22 

Oct 18 20:52:39 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT=
MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123
DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16792 PROTO=KEY_UDP
SPT=1675 DPT=1194 LEN=22 

Oct 18 20:52:44 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT=
MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123
DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16794 PROTO=KEY_UDP
SPT=1675 DPT=1194 LEN=22 

Oct 18 20:52:50 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT=
MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123
DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16801 PROTO=KEY_UDP
SPT=1675 DPT=1194 LEN=22 

Oct 18 20:52:56 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT=
MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123
DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16804 PROTO=KEY_UDP
SPT=1675 DPT=1194 LEN=22 

Oct 18 20:53:01 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT=
MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123
DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16807 PROTO=KEY_UDP
SPT=1675 DPT=1194 LEN=22 

Oct 18 20:53:09 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT=
MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123
DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16813 PROTO=KEY_UDP
SPT=1677 DPT=1194 LEN=22

_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
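
Added example, not part of the original post: a Python check that parses the `ulogd` drop lines from the extract, tests each against the two external-access rules listed in the message, and correlates it with the tcpdump capture by IP ID. It assumes `eth1` is the RED interface and that `PROTO=KEY_UDP` denotes UDP; the function names are hypothetical.

```python
import re

# External-access rules as listed in the post: (zone, protocol, port).
ALLOW_RULES = {("RED", "TCP", 10443), ("RED", "TCP", 1194), ("RED", "UDP", 1194)}
IFACE_ZONE = {"eth1": "RED"}  # assumption: eth1 is RED (the post only shows IN=eth1)

# Firewall log lines from the post, unwrapped to one line each.
FW_LOG = """\
Oct 18 20:52:08 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT= MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123 DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16759 PROTO=KEY_UDP SPT=1675 DPT=1194 LEN=22
Oct 18 20:52:20 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT= MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123 DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16777 PROTO=KEY_UDP SPT=1675 DPT=1194 LEN=22
Oct 18 20:52:26 gatefie ulogd[1286]: INPUT:DROP IN=eth1 OUT= MAC=00:08:0d:9c:76:d1:ff:ff:14:00:03:00 SRC=123.123.123.123 DST=111.111.111.111 LEN=42 TOS=00 PREC=0x00 TTL=128 ID=16780 PROTO=KEY_UDP SPT=1675 DPT=1194 LEN=22
"""

# tcpdump lines from the post, unwrapped to one line each.
CAPTURE = """\
20:52:19.118946 IP (tos 0x0, ttl 128, id 16777, offset 0, flags [none], proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp > 111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14
20:52:21.301571 IP (tos 0x0, ttl 128, id 16778, offset 0, flags [none], proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp > 111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14
20:52:25.126910 IP (tos 0x0, ttl 128, id 16780, offset 0, flags [none], proto 17, length: 42) 123-123-123-123.dynamic.myprovider.xx.pdp > 111-111-111-111.dynamic.myprovider.xx.openvpn: UDP, length 14
"""

def parse_drop(line):
    """Return the fields of a '<CHAIN>:DROP' ulogd line, or None if it is not one."""
    m = re.search(r"(\w+):DROP (.*)", line)
    if not m:
        return None
    kv = dict(re.findall(r"(\w+)=(\S*)", m.group(2)))  # empty values (OUT=) are kept
    return {
        "chain": m.group(1),
        "zone": IFACE_ZONE.get(kv["IN"], "unknown"),
        "proto": kv["PROTO"].split("_")[-1],  # assumption: KEY_UDP means UDP
        "dport": int(kv["DPT"]),
        "ip_id": int(kv["ID"]),
    }

def diagnose(fw_log, capture):
    """Flag drops that match an allow rule and note which were also captured."""
    captured_ids = {int(i) for i in re.findall(r"\bid (\d+),", capture)}
    findings = []
    for line in fw_log.splitlines():
        drop = parse_drop(line)
        if drop is None:
            continue
        drop["matches_allow_rule"] = (drop["zone"], drop["proto"], drop["dport"]) in ALLOW_RULES
        drop["seen_in_capture"] = drop["ip_id"] in captured_ids
        findings.append(drop)
    return findings

if __name__ == "__main__":
    for f in diagnose(FW_LOG, CAPTURE):
        print(f)
```

A drop reported with `matches_allow_rule` true and chain `INPUT` means the packet reached the box and was rejected even though a listed rule covers it, so the next thing to inspect is the loaded `iptables` ruleset rather than the GUI rule list.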
