|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003734||Endian Firewall||Firewall (iptables)||public||2011-05-15 08:21||2011-06-22 09:32|
|Target Version||Fixed in Version|
|Summary||0003734: Cannot access BLUE Zone from GREEN Zone|
|Description||It's not possible to access the BLUE zone from the GREEN zone even though GREEN->BLUE(Any) rule exists in the Inter-Zone Traffic configuration in the user interface. It is not possible to either ping machines on the BLUE network or access them in any way. It is possible to ping the IP of the BLUE NIC. It is also possible to ping the machines when logging into EFW with SSH, which points to an issue with the firewall blocking the packets when it shouldn't be.|
With Inter-Zone logging enabled the following entry appears in the log when trying to ping a host on the BLUE network:
ZONEFW:ACCEPT:2:l3 br0 (br0) 192.168.50.55:br2 -> 192.168.40.1:00:1b:21:a2:ff:a5:18:a9:05:e2:21:ec:08:00 (br2) -MAC=00:1b:21:a2:ff:a5:18:a9:05:e2:21:ec:08:00 ZONEFW:ACCEPT:2:l3 192.168.50.55
|Additional Information||The BLUE network currently consists of a Cisco WRT320N Wireless Router (with the network cable connected from the EFW box to the LAN port of the WRT320N). I also have a laptop connected wirelessly to the WRT320N. The laptop on the blue network has no issues pinging hosts on the RED network or connecting to the internet. The Firewall has the standard Inter-Zone Setup to allow ANY from GREEN to BLUE. However, I cannot ping the WRT320N or the laptop from any host on the GREEN network.|
If I log into EFW via SSH I have no issue pinging the WRT320N router, so it would appear there is an issue with the firewall. I have looked at the output of iptables --list --verbose but haven't gone through all the rules as I'm not an iptables expert.
|Tags||No tags attached.|
Can you please check this bug entry: http://bugs.endian.com/view.php?id=3395 ?
Can you do the same tests proposed to sami and check if you still have the error? In that case, can you post the output of iptables --list --verbose, after hiding all the sensitive data?
Thanks in advance!
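One way to hide sensitive data in firewall output before posting it to a public tracker, as the note above requests. This is an added example, not part of the original thread or Endian's tooling. The `redact` function, the sample listing and the choice to keep private and unspecified addresses (so zone rules stay readable) are assumptions made for illustration.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC = re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b")

# Constructed sample in the style of `iptables --list --verbose --numeric`.
SAMPLE = """\
Chain ZONEFW (1 references)
 pkts bytes target prot opt in   out source          destination
   12  1008 ACCEPT all  --  br0  br2 192.168.50.0/24 192.168.40.0/24
    3   180 DROP   tcp  --  eth1 *   85.10.20.30     0.0.0.0/0  MAC 00:1B:21:AA:BB:CC
    1    60 DROP   tcp  --  eth1 *   85.10.20.30     85.10.20.99
"""


def redact(text):
    """Swap public IPv4 addresses and all MACs for stable placeholders."""
    ip_map, mac_map = {}, {}

    def sub_mac(match):
        key = match.group(0).lower()
        if key not in mac_map:
            # Locally administered prefix, numbered in order of appearance.
            mac_map[key] = "02:00:00:00:00:%02x" % (len(mac_map) + 1)
        return mac_map[key]

    def sub_ip(match):
        raw = match.group(0)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            return raw  # dotted number that is not a valid address
        if addr.is_private or addr.is_unspecified:
            return raw  # zone subnets and 0.0.0.0/0 are needed to read the rules
        if raw not in ip_map:
            # Same input always maps to the same TEST-NET-3 address
            # (enough for small listings; the last octet is not range-checked).
            ip_map[raw] = "203.0.113.%d" % (len(ip_map) + 1)
        return ip_map[raw]

    # MACs first; the kernel LOG "MAC=" field (dst MAC, src MAC, ethertype)
    # is handled as two addresses followed by the untouched ethertype.
    return IPV4.sub(sub_ip, MAC.sub(sub_mac, text))


if __name__ == "__main__":
    print(redact(SAMPLE))
```

Run iptables with `--numeric` as well, so addresses are not reverse-resolved into hostnames that this filter would not catch.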
|Hi Lorenzo, I'll give it a go, but there's nothing really in the other bug you linked to that indicates any solution.|
|2011-05-15 08:21||Sheldmandu||New Issue|
|2011-06-01 16:17||lorenzo-endian||Relationship added||duplicate of 0003395|
|2011-06-01 16:20||lorenzo-endian||Note Added: 0006553|
|2011-06-01 16:20||lorenzo-endian||Assigned To||=> lorenzo-endian|
|2011-06-01 16:20||lorenzo-endian||Status||new => feedback|
|2011-06-22 09:32||Sheldmandu||Note Added: 0006791|