Default rules blocking legitimate traffic?

Hi,

99% of our legitimate traffic gets through perfectly. But we have one connection that we know is legitimate that’s being blocked.

Here’s the log from /var/log/messages:

Sep 19 17:15:52 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=XXX.XXX.XXX.XXX DST=XXX.XXX.XXX.100 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=2599 DF PROTO=TCP SPT=45298 DPT=21116 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 19 17:15:53 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=XXX.XXX.XXX.XXX DST=XXX.XXX.XXX.100 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=2600 DF PROTO=TCP SPT=45298 DPT=21116 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 19 17:15:55 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=XXX.XXX.XXX.XXX DST=XXX.XXX.XXX.100 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=2601 DF PROTO=TCP SPT=45298 DPT=21116 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 19 17:15:58 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=XXX.XXX.XXX.XXX DST=XXX.XXX.XXX.100 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=25151 DF PROTO=TCP SPT=60744 DPT=21150 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 19 17:15:59 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=XXX.XXX.XXX.XXX DST=XXX.XXX.XXX.100 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=25152 DF PROTO=TCP SPT=60744 DPT=21150 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 19 17:15:59 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=XXX.XXX.XXX.XXX DST=XXX.XXX.XXX.100 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=2602 DF PROTO=TCP SPT=45298 DPT=21116 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 19 17:16:06 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=XXX.XXX.XXX.XXX DST=XXX.XXX.XXX.100 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=25154 DF PROTO=TCP SPT=60744 DPT=21150 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 19 17:17:02 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=XXX.XXX.XXX.XXX DST=XXX.XXX.XXX.100 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=50372 DF PROTO=TCP SPT=50416 DPT=21116 WINDOW=29200 RES=0x00 SYN URGP=0

I’m not sure which rule is blocking this; I’ve tried whitelisting the SRC IP address, whitelisting the destination ports, etc.

A couple things I notice about the traffic:

  1. The destination address is the external IP, not the nat’d local IP.
  2. The IN interface is red0, but it doesn’t show an OUT interface in the above log.

Thank you.

Hi,

first, welcome to the IPFire community. :)

> But we have one connection that we know is legitimate that’s being blocked.

Hm, if this traffic should be allowed by a location-based rule, you might suffer from bug #12480, which will be fixed in the upcoming Core Update 150.

> I’m not sure which rule is blocking this; I’ve tried whitelisting the SRC IP address, whitelisting the destination ports, etc.

This is getting interesting as such rules should work. Did you place those whitelisting rules at the very beginning of your ruleset?

> 1. The destination address is the external IP, not the nat’d local IP.

I assume this is the external (“RED”) IP address of your IPFire system.

> 2. The IN interface is red0, but it doesn’t show an OUT interface in the above log.

Is this connection related to an IPsec tunnel?

Anyway, the following command logs trace information for any packets seen from that source IP to the destination IP (might produce a lot of noise if that client is very chatty; in this case, port restrictions make the haystack to search smaller):

iptables -t raw -A PREROUTING -s [source IP] -d [destination IP] -j TRACE

Could you execute it on your IPFire machine and post its results here?

Thanks, and best regards,
Peter Müller

Here are the trace logs, @pmueller.

Sep 21 14:25:42 ipfire kernel: TRACE: raw:PREROUTING:rule:2 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: raw:CONNTRACK:return:8 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: raw:PREROUTING:policy:24 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:PREROUTING:rule:1 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:NAT_DESTINATION:return:17 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:PREROUTING:policy:2 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:FORWARD:policy:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:FORWARD:rule:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:BADTCP:return:10 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:FORWARD:rule:3 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:CUSTOMFORWARD:return:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:FORWARD:rule:4 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:P2PBLOCK:rule:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=29498 DF PROTO=TCP SPT=50782 DPT=21150 SEQ=3427456705 ACK=4083020706 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB19330A83F521)
Sep 21 14:25:42 ipfire kernel: TRACE: raw:PREROUTING:rule:2 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: raw:CONNTRACK:return:8 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: raw:PREROUTING:policy:24 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:PREROUTING:rule:1 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:NAT_DESTINATION:return:17 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:PREROUTING:policy:2 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:FORWARD:policy:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:FORWARD:rule:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:BADTCP:return:10 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:FORWARD:rule:3 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:CUSTOMFORWARD:return:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:FORWARD:rule:4 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:42 ipfire kernel: TRACE: filter:P2PBLOCK:rule:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=1435 DF PROTO=TCP SPT=43614 DPT=21150 SEQ=1566523493 ACK=498867590 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1A370A827512)
Sep 21 14:25:43 ipfire kernel: TRACE: raw:PREROUTING:rule:2 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: raw:CONNTRACK:return:8 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: raw:PREROUTING:policy:24 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: mangle:PREROUTING:rule:1 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: mangle:NAT_DESTINATION:return:17 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: mangle:PREROUTING:policy:2 IN=red0 OUT= MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=195.[REDACTED] LEN=82 TOS=0x00 PREC=0x00 TTL=47 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: mangle:FORWARD:policy:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: filter:FORWARD:rule:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: filter:BADTCP:return:10 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: filter:FORWARD:rule:3 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: filter:CUSTOMFORWARD:return:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: filter:FORWARD:rule:4 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)
Sep 21 14:25:43 ipfire kernel: TRACE: filter:P2PBLOCK:rule:1 IN=red0 OUT=green0 MAC=0c:c4:7a:90:de:fa:f0:1c:2d:b3:e5:80:08:00 SRC=167.[REDACTED] DST=10.3.3.8 LEN=82 TOS=0x00 PREC=0x00 TTL=46 ID=47606 DF PROTO=TCP SPT=52064 DPT=21150 SEQ=3984789372 ACK=693633716 WINDOW=229 RES=0x00 ACK PSH URGP=0 OPT (0101080A80CB1C330A8437B7)

This appears to be resolved by enabling the P2P networks under p2p-block.cgi.

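An added example, not part of the thread or of IPFire: a small filter that reduces TRACE output like the above to one line per packet, showing the last `table:chain:type:rulenum` hop that was logged. For forwarded traffic, a packet whose trace stops before any POSTROUTING chain was not accepted by the last chain listed, which is how the trace above points at P2PBLOCK. The sample lines are constructed (shortened fields, documentation addresses), and the flow with ID=31001 is a hypothetical accepted packet added for contrast.

```shell
#!/bin/sh
# Constructed sample: shortened TRACE lines in the format shown above.
# Packet ID=29498 mirrors the thread's trace; ID=31001 is a hypothetical
# accepted flow. Lines of the two packets are interleaved on purpose.
SAMPLE='Sep 21 14:25:42 ipfire kernel: TRACE: raw:PREROUTING:rule:2 IN=red0 OUT= SRC=192.0.2.10 DST=198.51.100.100 ID=29498 PROTO=TCP SPT=50782 DPT=21150
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:PREROUTING:policy:2 IN=red0 OUT= SRC=192.0.2.10 DST=198.51.100.100 ID=29498 PROTO=TCP SPT=50782 DPT=21150
Sep 21 14:25:42 ipfire kernel: TRACE: raw:PREROUTING:rule:2 IN=red0 OUT= SRC=192.0.2.10 DST=198.51.100.100 ID=31001 PROTO=TCP SPT=40000 DPT=443
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:FORWARD:policy:1 IN=red0 OUT=green0 SRC=192.0.2.10 DST=10.3.3.8 ID=29498 PROTO=TCP SPT=50782 DPT=21150
Sep 21 14:25:42 ipfire kernel: TRACE: filter:FORWARD:rule:4 IN=red0 OUT=green0 SRC=192.0.2.10 DST=10.3.3.8 ID=29498 PROTO=TCP SPT=50782 DPT=21150
Sep 21 14:25:42 ipfire kernel: TRACE: filter:P2PBLOCK:rule:1 IN=red0 OUT=green0 SRC=192.0.2.10 DST=10.3.3.8 ID=29498 PROTO=TCP SPT=50782 DPT=21150
Sep 21 14:25:42 ipfire kernel: TRACE: filter:FORWARD:rule:4 IN=red0 OUT=green0 SRC=192.0.2.10 DST=10.3.3.8 ID=31001 PROTO=TCP SPT=40000 DPT=443
Sep 21 14:25:42 ipfire kernel: TRACE: filter:P2PBLOCK:return:2 IN=red0 OUT=green0 SRC=192.0.2.10 DST=10.3.3.8 ID=31001 PROTO=TCP SPT=40000 DPT=443
Sep 21 14:25:42 ipfire kernel: TRACE: filter:FORWARD:rule:5 IN=red0 OUT=green0 SRC=192.0.2.10 DST=10.3.3.8 ID=31001 PROTO=TCP SPT=40000 DPT=443
Sep 21 14:25:42 ipfire kernel: TRACE: mangle:POSTROUTING:policy:1 IN= OUT=green0 SRC=192.0.2.10 DST=10.3.3.8 ID=31001 PROTO=TCP SPT=40000 DPT=443'

# trace_summary: read kernel TRACE lines on stdin and print one line per
# packet: its key, the last hop logged, and whether it reached POSTROUTING.
# Packets are keyed on SRC, SPT and IP ID rather than DST, because DNAT
# rewrites DST part-way through the walk (external IP, then 10.3.3.8 above).
trace_summary() {
  awk '
    / TRACE: / {
      hop = src = spt = id = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "TRACE:")    hop = $(i + 1)   # table:chain:type:rulenum
        else if ($i ~ /^SRC=/) src = substr($i, 5)
        else if ($i ~ /^SPT=/) spt = substr($i, 5)
        else if ($i ~ /^ID=/)  id  = substr($i, 4)
      }
      if (hop == "") next
      key = src ":" spt " id=" id
      if (!(key in last)) order[++n] = key      # remember first-seen order
      last[key] = hop
      split(hop, part, ":")
      if (part[2] == "POSTROUTING") out[key] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        printf "%s last=%s %s\n", k, last[k], (k in out) ? "forwarded" : "ended-in-ruleset"
      }
    }'
}

printf '%s\n' "$SAMPLE" | trace_summary
```

On a live system the input would be the TRACE lines from /var/log/messages instead of the sample. A TRACE rule added with `-A` is removed again by repeating the same rule specification with `-D`, which keeps the log from filling up once the diagnosis is done.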

Hi,

sorry for the late reply.

By “enabling”, do you mean permitting or denying them? Either way, this makes sense, as the P2P filter tends to misclassify some traffic, which is why it is disabled by default.

Thanks, and best regards,
Peter Müller

@pmueller Permitting. When P2P networks are checked, the legitimate traffic works. When unchecked, some legitimate traffic is blocked.


Hi,

I see, thanks for clarifying this.

For the sake of consistency, I’ll mark this thread as being solved.

Thanks, and best regards,
Peter Müller