Firewall doubts

geofxgt · March 5, 2018, 8:47pm

NethServer Version: 7.4
Module: Firewall

I have two implementations, in different places, in one everything works properly, but in the other place, the firewall does not apply block correctly, and when I try the tail -f command in both places this is the result.

As you can see in the first site only can view the incoming conecctions, not who lan client request the conecction, in the other site I can view that information.

In the web gui I have configured this rules:

The rules are pretty same in both places, so, why the firewall has work fine in one place and in the other not?

In both places the nethserver are the gateway

Thanks for your help!

alefattorini · March 8, 2018, 2:36pm

Hi Pedro,
thanks for joining the NethServer Community and welcome here!
Some of these friends may help you with your concerns
@islipfd19 @jitkian @Hunv @firsttiger @ssabbath @kolli_vasu @Imre_Bertalan @ssabbath

mrmarkuz · March 10, 2018, 10:58am

Hi @geofxgt,

sorry for the late answer. You may compare the firewall config of your servers:

config show firewall

db fwrules show

http://docs.nethserver.org/en/latest/firewall.html
http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-firewall-base.html

Are your systems both up to date? Do you use proxy and dpi?

Are there other differences between the 2 servers?

geofxgt · March 10, 2018, 7:27pm

Thanks for you reply,
In both servers I use transparent proxy, and DPI module

AFAIK the DPI module and the proxy not working together in Authenticated mode or not?

The both nethservers are updated.

dnutan · March 10, 2018, 7:50pm

Do you use suricata IPS?

geofxgt · March 10, 2018, 7:56pm

Yes, in both sites, with the rules recommended in this post.

dnutan · March 10, 2018, 8:33pm

What’s the output of:

config getprop firewall nfqueue

geofxgt · March 10, 2018, 9:37pm

The same result in both sites.