A Windows client, member of a NethServer-served domain, gets blocked for external traffic. So I can still reach internal resources, only web interface access to the NethServer acting as firewall is not answered, and internet access through this NethServer firewall and gateway is blocked. All other clients can still access the firewall by web interface and the internet. A reboot of the problematic PC makes it have access to the firewall and internet again. Until recently I was not able to reproduce it. Today I found a way to reproduce it. Starting TeamViewer shows green online status in the app. But connecting to a TeamViewer client in the internet it always stays at status "connecting" (no password prompt). After that, when I try to connect to the internet by browser or if I try to access the web interface of the firewall, it doesn't work until reboot. Issuing shorewall clear on the firewall from another client re-established the internet connection and the ability to connect to TeamViewer from the internet.
I tried disabling IPS, threat shield and proxy but the problem persists. I see many log entries in the firewall log while trying to establish a TeamViewer session when the firewall is active.
How can I troubleshoot this? Thanks in advance for helping me understand the NethServer firewall/shorewall.
No fail2ban on this firewall, only on the external NethServer connected by IPsec S2S tunnel, serving mail and Nextcloud. And on that one the LAN is excluded as well.
I will try to set up rules for TeamViewer but would also like to understand how to interpret firewall logs. I will also read through the documentation.
Apparently it is nDPI / deep packet inspection which blocks TeamViewer. I found this link, where @filippo_carletti mentions it, thus I would like to learn how nDPI can be configured to allow TeamViewer traffic. May I ask why nDPI is not configurable in the Cockpit interface? Generally, is it correct to consider that packages only available in the old web interface (e.g. nDPI or POP3 proxy) are soon to be obsolete? Will the old server manager stay available in general, or is it planned to disappear? I am asking as on one of my NethServers I have a bug where DNS entries can be created but not deleted from Cockpit, whereas they can be deleted from the old interface.
It was quite easy actually. Looking at the log entry I created the following rule in the Cockpit firewall rules and now it works
Edit to add: it worked once. Further investigation needed. I have to find a way to make a rule not only for one IP but for *.teamviewer.com. I'll check and come back. In the meantime any tip is appreciated.
I created a host group and started adding the TeamViewer hosts mentioned in the firewall log, but they keep changing, so I need help on how to add *.teamviewer.com instead of single hosts. Or any other alternative. Would it work to just open the needed ports without a destination, or can nDPI be disabled for TeamViewer, and how?
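Two things asked for in this thread can be answered with a small log-reading script: how to read the firewall log entries (the post a few messages up), and how to deal with blocked destination hosts that keep changing (the post just above). The script below is an added example written for this thread; it is not from the poster nor from the NethServer project. It parses lines in the layout Shorewall writes to the kernel log (prefix `Shorewall:<chain>:<action>:` followed by the netfilter `key=value` fields), collects the destinations a given internal client was blocked from reaching, grouped by protocol and destination port, and collapses those single hosts into the /24 networks that contain them, which is usually a more stable entry for a host group than individual addresses. The log lines, the client address and the destination addresses are constructed sample values; the destination port is the one named in this thread.

```python
"""Summarise blocked destinations from a Shorewall/netfilter log (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log: same field layout as Shorewall's kernel log lines,
# addresses taken from documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar  3 10:01:12 fw kernel: Shorewall:loc2net:REJECT:IN=br0 OUT=eth0 MAC=00:11:22:33:44:55 SRC=192.168.5.23 DST=203.0.113.17 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=1 DF PROTO=TCP SPT=51234 DPT=5398 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:01:13 fw kernel: Shorewall:loc2net:REJECT:IN=br0 OUT=eth0 MAC=00:11:22:33:44:55 SRC=192.168.5.23 DST=203.0.113.44 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=2 DF PROTO=TCP SPT=51235 DPT=5398 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:01:14 fw kernel: Shorewall:loc2net:REJECT:IN=br0 OUT=eth0 MAC=00:11:22:33:44:55 SRC=192.168.5.23 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=3 DF PROTO=TCP SPT=51236 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:01:15 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=198.51.100.77 DST=203.0.113.2 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=4 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:01:16 fw kernel: Shorewall:loc2net:ACCEPT:IN=br0 OUT=eth0 MAC=00:11:22:33:44:55 SRC=192.168.5.23 DST=203.0.113.17 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5 DF PROTO=TCP SPT=51237 DPT=5398 WINDOW=64240 RES=0x00 SYN URGP=0
"""

# "Shorewall:" is followed by the zone-to-zone chain, the action taken and
# then the netfilter fields; flags without "=" (DF, SYN) are simply skipped.
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return chain, action and the key=value fields of one log line,
    or None for lines that are not Shorewall log entries."""
    m = LOG_RE.search(line)
    if not m:
        return None
    entry = {"chain": m.group("chain"), "action": m.group("action")}
    entry.update(dict(FIELD_RE.findall(m.group("fields"))))
    return entry


def blocked_by_source(log_text, src, actions=("DROP", "REJECT")):
    """Group the destinations one internal client was blocked from reaching:
    {(protocol, destination_port): {dst_ip, ...}}.  ACCEPT lines and traffic
    from other sources are ignored."""
    result = defaultdict(set)
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e or e["action"] not in actions or e.get("SRC") != src:
            continue
        dport = int(e["DPT"]) if e.get("DPT") else None
        result[(e.get("PROTO"), dport)].add(e["DST"])
    return dict(result)


def covering_networks(addresses, prefixlen=24):
    """Collapse single hosts into the /prefixlen networks containing them,
    e.g. for a host group entry that survives the provider rotating IPs."""
    nets = [ipaddress.ip_network(f"{a}/{prefixlen}", strict=False) for a in addresses]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    client = "192.168.5.23"  # constructed address of the affected PC
    for (proto, dport), dsts in sorted(blocked_by_source(SAMPLE_LOG, client).items()):
        print(f"{proto}/{dport}: hosts={sorted(dsts)} networks={covering_networks(dsts)}")
```

Run it against `/var/log/firewall.log` (or wherever the firewall log lands on your box) by replacing `SAMPLE_LOG` with the file contents and `client` with the address of the affected PC. Whether a /24 is the right granularity depends on the provider's address allocation; the point is that a network prefix changes far less often than the individual hosts, while a wildcard hostname like `*.teamviewer.com` cannot be expressed as a packet-filter destination at all, because netfilter matches on addresses, not names.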
No one has an idea, @support_team? I can't be the only one trying to use TeamViewer with an nDPI-enabled NethServer firewall? I really would like to solve this as my colleague is dependent on TeamViewer usage to support our clients, and it seems quite inconvenient to do a shorewall clear before initiating a TeamViewer connection…
So how can a rule be established that allows DST TeamViewer port 5398 for destination *.teamviewer.com?