2 Oct 2008 01:15
Re: Can't connect to subaru.com on port 80
Turn logging on for your last rule on your LAN that drops all otherwise specified traffic. Your logs should show something useful...
Or, for "gits and shiggles" put a nice big "Allow all traffic all protocols all ports from anywhere to anywhere" rule on your LAN to see if your connectivity to subaru.com changes... and of course don't forget to remove it when you're done...
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
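As an added illustration of the diagnostic Tim describes (this is not code from the thread, from pfSense, or from the original poster): a small Python first-match evaluator over a few of the quoted LAN rules, in the same `<rule>` XML layout. Feed it the packet you are stuck on and it reports which rule it hits, or that it falls through to the default deny, and whether that rule is logged. It assumes top-down first-match evaluation with an implicit default deny, that the alias `lan` stands for 172.16.0.0/24, and that a missing `<type>` means pass; the catch-all block rule, the `<rules>` wrapper and the packet values are constructed for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: three rules in the layout quoted in the thread, plus an
# explicit catch-all block that stands in for pfSense's implicit default deny.
SAMPLE_RULES = """<rules>
<rule><type>pass</type><interface>lan</interface><protocol>tcp</protocol>
<source><network>lan</network></source>
<destination><any/><port>80</port></destination>
<descr>LAN -> 80</descr></rule>
<rule><type>pass</type><interface>lan</interface><os></os>
<source><address>172.16.0.25</address></source>
<destination><any/></destination>
<descr>LAN -> Allow Phill's mac ANY to ANY</descr></rule>
<rule><type>pass</type><interface>lan</interface><protocol>tcp/udp</protocol>
<source><address>172.16.0.99</address></source>
<destination><any/></destination>
<disabled/><descr>LAN -> Allow All</descr></rule>
<rule><type>block</type><interface>lan</interface><protocol>any</protocol>
<source><any/></source><destination><any/></destination>
<descr>LAN -> catch-all block (constructed)</descr></rule>
</rules>"""

# Assumption: the interface alias "lan" is this subnet; the thread never states it.
NETWORKS = {"lan": ipaddress.ip_network("172.16.0.0/24")}


def _endpoint_matches(node, ip, port):
    """Match one <source> or <destination> element against an address and port."""
    if node is None or node.find("any") is not None:
        addr_ok = True
    elif node.find("network") is not None:
        addr_ok = ipaddress.ip_address(ip) in NETWORKS[node.findtext("network")]
    elif node.find("address") is not None:
        addr_ok = ipaddress.ip_address(ip) == ipaddress.ip_address(node.findtext("address"))
    else:
        addr_ok = True
    port_text = node.findtext("port") if node is not None else None
    if not port_text or port is None:
        return addr_ok
    lo, _, hi = port_text.partition("-")          # "80" or "1000-65535"
    return addr_ok and int(lo) <= port <= int(hi or lo)


def _protocol_matches(rule, proto):
    text = rule.findtext("protocol")
    if text is None or text == "any":
        return True                               # no <protocol> element means any protocol
    return proto in text.split("/")               # "tcp/udp" covers both


def first_match(rules_xml, iface, proto, src, dst, dport):
    """Top-down first match, as pf evaluates pfSense rules; disabled rules are skipped."""
    root = ET.fromstring(rules_xml)
    for idx, rule in enumerate(root.findall("rule")):
        if rule.find("disabled") is not None or rule.findtext("interface") != iface:
            continue
        if not _protocol_matches(rule, proto):
            continue
        if not _endpoint_matches(rule.find("source"), src, None):
            continue
        if not _endpoint_matches(rule.find("destination"), dst, dport):
            continue
        return {
            "index": idx,
            "action": rule.findtext("type") or "pass",   # assumption: missing <type> means pass
            "descr": rule.findtext("descr"),
            "logged": rule.find("log") is not None,
        }
    return {"index": None, "action": "block", "descr": "implicit default deny", "logged": False}


def audit(rules_xml):
    """Flag unlogged block rules (what Tim asks to switch on) and silent allow-all rules."""
    findings = []
    root = ET.fromstring(rules_xml)
    for idx, rule in enumerate(root.findall("rule")):
        if rule.find("disabled") is not None:
            continue
        descr = rule.findtext("descr") or f"rule #{idx}"
        if rule.findtext("type") == "block" and rule.find("log") is None:
            findings.append(f"{descr}: block rule is not logged; add <log/> to see what it drops")
        dest = rule.find("destination")
        if rule.find("protocol") is None and dest is not None and dest.find("any") is not None:
            findings.append(f"{descr}: no <protocol> and any destination, i.e. allow-all for its source")
    return findings


if __name__ == "__main__":
    # Constructed packet: a LAN host to a documentation-range web server on tcp/80.
    print(first_match(SAMPLE_RULES, "lan", "tcp", "172.16.0.50", "198.51.100.10", 80))
    print(first_match(SAMPLE_RULES, "lan", "tcp", "172.16.0.50", "198.51.100.10", 8080))
    for line in audit(SAMPLE_RULES):
        print(line)
```

Run it against the real rule set by pasting the exported `<rule>` blocks between a `<rules>` pair; a result of `implicit default deny` with `logged: False` is exactly the case where turning logging on for the last rule is the only way to see the dropped packet in the firewall log.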
----- "BSD Wiz" wrote:
> sure, but i'm not filtering traffic on port 80 by IP and all www traffic seems to work fine. please let me know if you prefer this in another format.
>
> this has me stumped...
>
> thanks!
>
> -phil
>
> here's the WAN rules:
>
<rule>
<type>pass</type>
<interface>wan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>udp</protocol>
<source>
<address>216.181.136.7</address>
</source>
<destination>
<address>10.0.0.2</address>
<port>1000-65535</port>
</destination>
<descr>NAT Allow inbound traffic from Lingo</descr>
</rule>
<rule>
<interface>wan</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<address>172.16.0.99</address>
<port>22</port>
</destination>
<descr>NAT Allow Backups from PPGNetServ using SSH</descr>
</rule>
<rule>
<type>pass</type>
<interface>wan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<address>72.167.141.110</address>
</source>
<destination>
<address>172.16.0.99</address>
<port>5001</port>
</destination>
<descr>Allow iperf connections from GoDaddy Server</descr>
</rule>
<rule>
<type>pass</type>
<interface>wan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<address>172.16.0.1</address>
<port>443</port>
</destination>
<disabled/>
<descr>WAN -> Allow Remote Admin of FW</descr>
</rule>
<rule>
<type>pass</type>
<interface>wan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp/udp</protocol>
<source>
<any/>
</source>
<destination>
<any/>
<port>1194</port>
</destination>
<disabled/>
<log/>
<descr>Allow Incoming Remote VPN Road Warriors</descr>
</rule>
>
> And here's the LAN rules:
>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>8000-8030</port>
</destination>
<descr>LAN -> Allow FTP Out</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>80</port>
</destination>
<descr>LAN -> 80</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>443</port>
</destination>
<descr>LAN -> 443</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>22</port>
</destination>
<descr>LAN -> SSH</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>5900</port>
</destination>
<descr>LAN -> VNC</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os></os>
<source>
<address>172.16.0.25</address>
</source>
<destination>
<any/>
</destination>
<descr>LAN -> Allow Phill's mac ANY to ANY</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<address>172.16.0.99</address>
</source>
<destination>
<any/>
<port>12489</port>
</destination>
<descr>LAN -> Nagios</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>udp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>10001</port>
</destination>
<descr>LAN -> 10001(vpn)</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>udp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>500</port>
</destination>
<descr>LAN -> 500(vpn)</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>3000</port>
</destination>
<descr>LAN -> NTOP/NetFlow</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>5050</port>
</destination>
<descr>LAN -> Yahoo IM</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>icmp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<descr>LAN -> ICMP</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp/udp</protocol>
<source>
<address>172.16.0.99</address>
</source>
<destination>
<any/>
</destination>
<disabled/>
<descr>LAN -> Allow All</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>26</port>
</destination>
<descr>LAN -> 26(ssh godaddy/PPGNetServ)</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp/udp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>1194</port>
</destination>
<disabled/>
<descr>LAN -> Allow 1194 for OpenVPN</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>110</port>
</destination>
<descr>LAN -> 110</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>tcp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>139</port>
</destination>
<descr>LAN -> SMB</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<protocol>udp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>137</port>
</destination>
<descr>LAN -> SMB</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>