Firewall Block traffic after some data

Started by Mirio, April 26, 2024, 10:52:23 AM

April 26, 2024, 10:52:23 AM Last Edit: April 26, 2024, 10:58:13 AM by Mirio
Hi all,
I am encountering a particular behavior: the traffic between two nodes is first allowed, and shortly afterwards some of the data is blocked by the default deny. I would like to point out that there is a specific permit rule for this traffic.

More specifically:

  • Source server: 192.168.50.32 (VM)
  • Destination Server: 192.168.150.21 (K8s with MetalLB + BGP rule with os-frr)
  • Traffic: PSQL (5432 TCP)
  • LAN 50 = VM Networking
  • LAN 150 = Dedicated for BGP routing
  • Firewall rule: I have a specific rule on LAN 50/150 to allow that traffic.

Lan50: [screenshot of the LAN 50 rule]

Lan150: [screenshot of the LAN 150 rule]
Steps to replicate:

  • Jump on the VM
  • Use psql to import a PSQL dump (10 MB)
  • Some data passes, and then it is blocked

Below is the image of the firewall log: [screenshot of the firewall log]
Any tips?
Thanks

Thanks to Monviech on IRC:
Quote
Try to set "State Type" in the Advanced Features of the firewall rule that allows the traffic to "Sloppy State" and TCP flags to "Any flags".

And now it works!
Thank you

Though I have to add that this solution circumvents some safety of a proper "keep state". So the root cause of needing this should be fixed in the long run.
Hardware:
DEC740
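A small check, added here as an example and not taken from the thread or from OPNsense, that scans firewall log entries for the pattern described above: a flow passed by the permit rule whose later non-SYN packets land on the default deny. The log format and the sample lines are constructed (not OPNsense's real filterlog output); the addresses reuse the ones from the post.

```python
import re
from collections import defaultdict

# Constructed sample log in a simplified format (not the real filterlog CSV):
# time action rule proto src:port -> dst:port tcpflags
SAMPLE_LOG = """\
10:52:01 pass allow_psql tcp 192.168.50.32:51344 -> 192.168.150.21:5432 S
10:52:01 pass allow_psql tcp 192.168.50.32:51344 -> 192.168.150.21:5432 A
10:52:02 pass allow_psql tcp 192.168.50.32:51344 -> 192.168.150.21:5432 PA
10:52:03 block default_deny tcp 192.168.50.32:51344 -> 192.168.150.21:5432 PA
10:52:03 block default_deny tcp 192.168.50.32:51344 -> 192.168.150.21:5432 PA
10:52:04 block default_deny tcp 10.0.0.9:40000 -> 192.168.150.21:22 S
"""

LINE_RE = re.compile(
    r"(?P<time>\S+) (?P<action>pass|block) (?P<rule>\S+) (?P<proto>\S+) "
    r"(?P<src>\S+) -> (?P<dst>\S+) (?P<flags>\S+)"
)


def parse(log_text):
    """Parse the constructed log format into a list of dicts, skipping junk lines."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def find_midstream_blocks(entries):
    """Return flows (proto, src, dst) that were first passed and later blocked
    with packets that are not connection-opening SYNs.

    A block on a SYN means the rules never matched the flow; a block on a
    data packet of a flow that was already passed points at state tracking
    (for example an asymmetric path where the firewall sees one direction only).
    """
    passed = set()
    hits = defaultdict(list)
    for e in entries:
        key = (e["proto"], e["src"], e["dst"])
        if e["action"] == "pass":
            passed.add(key)
        elif key in passed and "S" not in e["flags"]:
            hits[key].append(e)
    return dict(hits)


if __name__ == "__main__":
    for flow, pkts in find_midstream_blocks(parse(SAMPLE_LOG)).items():
        print(f"{flow[1]} -> {flow[2]} ({flow[0]}): {len(pkts)} mid-stream block(s)")
```

Flows reported by this check are candidates for a routing fix rather than another permit rule; the sloppy-state change above hides the symptom but, as the thread notes, not the root cause.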