Firewall doubts

geofxgt · 2018-03-05 20:47:49 UTC

NethServer Version: 7.4
Module: Firewall

I have two implementations, in different places, in one everything works properly, but in the other place, the firewall does not apply block correctly, and when I try the tail -f command in both places this is the result.

As you can see in the first site only can view the incoming conecctions, not who lan client request the conecction, in the other site I can view that information.

In the web gui I have configured this rules:

The rules are pretty same in both places, so, why the firewall has work fine in one place and in the other not?

In both places the nethserver are the gateway

Thanks for your help!

alefattorini · 2018-03-08 14:36:32 UTC

Hi Pedro,
thanks for joining the NethServer Community and welcome here!
Some of these friends may help you with your concerns
@islipfd19 @jitkian @Hunv @firsttiger @ssabbath @kolli_vasu @Imre_Bertalan @ssabbath

mrmarkuz · 2018-03-10 10:58:48 UTC

Hi @geofxgt,

sorry for the late answer. You may compare the firewall config of your servers:

config show firewall

db fwrules show

http://docs.nethserver.org/en/latest/firewall.html
http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-firewall-base.html

Are your systems both up to date? Do you use proxy and dpi?

Are there other differences between the 2 servers?

geofxgt · 2018-03-10 19:27:14 UTC

Thanks for you reply,
In both servers I use transparent proxy, and DPI module

AFAIK the DPI module and the proxy not working together in Authenticated mode or not?

The both nethservers are updated.

dnutan · 2018-03-10 19:50:31 UTC

Do you use suricata IPS?

geofxgt · 2018-03-10 19:56:23 UTC

Yes, in both sites, with the rules recommended in this post.

dnutan · 2018-03-10 20:33:36 UTC

What’s the output of:

config getprop firewall nfqueue

geofxgt · 2018-03-10 21:37:42 UTC

The same result in both sites.