This post is a FYI.
I have found that enabling the Drop Hostile option broke the connections to the MEGAsync servers located in Canada. A review of the firewall logs showed the MEGAsync servers being dropped with DROP_NEWNOTSYN designation. Turning off “Drop packets from …” and a reboot allowed MEGAsync to work properly again. However, the IPs are still being dropped DROP_NEWNOTSYN but less frequently.
After enabling the Drop Hostile option and rebooting again MEGAsync works as expected.
could you please post the IP address(es) in question here?
DROP_NEWNOTSYN has nothing to do with DROP_HOSTILE. If you see such firewall hits, this can happen if IPFire was rebooted (so it starts with an empty connection tracking table, whereas a client behind it still maintains a network connection as being successfully established), or it indicates a broken/RFC-ignorant network device or application.
Well, it was not “drop hostile” then, otherwise the application would have stopped working. Or did I misunderstand you?
this is odd, as they are not marked as being hostile in the location database:
[root@maverick ~]# location version
Sat, 02 Apr 2022 05:55:09 GMT
[root@maverick ~]# location lookup 162.208.16.35
162.208.16.35:
Network : 162.208.16.0/24
Country : Canada
Autonomous System : AS205809 - MEGA Cloud Services Limited
(That output covers the entire /24, so querying one IP address is sufficient. )
Well, I really don’t see the connection to the “drop hostile” feature here, but will be happy to investigate further, if necessary. Could you please post the relevant log messages here, too? They are in /var/log/messages, and should contain DROP_HOSTILE as well as the Canadian IP addresses in question.
After some experimenting it turned out the issue and solution was the having the IPS enabled on Blue and Green networks. By turning off the monitoring of the Blue and Green networks the issue has gone away. I looked through the rule sets but could not ascertain which where the problematic rules. What I do know is that the issue was caused by the services’ connections being dropped with DROP_NEWNOTSYN in the logs.
this might be related to a bug in the Linux kernel connection tracking @msspotted a while ago.
Upcoming Core Update 167 features an updated kernel with this patch included. No changelog is available yet (because it still needs to be proofread), but as soon as it is, you will get an e-mail from the project nevertheless.
If possible, it would be great if you could test this update, and report whether the problem still persists.
I have updated to Core 167. As a test I enabled IPS on Blue. Immediately MEGAsync was unable to upload or download changes. Once disabled on Blue the files synced. I will again read through the rule sets to see if I can find something that could be causing the problem.