Default deny/state error

Started by jackjason, January 22, 2024, 12:27:23 PM

Hello, thanks for having me. Long story short, I moved my open-appsec NGINX Proxy Manager instance from LAN to a VLAN and the cloud management portal broke for it. I'm getting default state denied despite having the correct FW rules to the VLAN. I am lost at this point.

What interface do these rules belong to?

You should have them at the corresponding VLAN interface. Don't forget to reset the states after applying new rules.

Sorry, I took the screenshot badly; it belongs to the VLAN (servers). I will try resetting the states when I have free time again. I have work and can't use the VPN from my workplace rn.

No luck with it. The cloud agent still reports nothing and I am still seeing the default deny on live view.

If rebooting the router and server did not help, then in order to do more thorough research you need to present the interface specs for the server interface, all involved aliases, the rules for servers and the floating rules.

Furthermore, is there some NAT port forwarding involved? If yes, I'd need that, too.

TCP state deny can happen a lot, even for expected traffic. But I usually see this for devices on unreliable links (Wi-Fi).


Might try to reboot, hopefully it fixes my problem. Everything is wired with Cat6. The NIC itself is a 4-port Broadcom 5720-t passed to OPNsense in Proxmox: 1 for management, 1 for LAN, 1 for WAN and 1 "trunk" for VLANs, currently the "servers". No other VLANs are running besides the "servers". Port forwards are working correctly, I can access my stuff with NGINX Proxy Manager. Maybe the TP-Link switch or my config causes these related issues.
Besides WAN I have minimal aliases inside the VLAN. And the interesting thing: the cloud management was working inside my LAN before moving to the VLAN. I'll post some Wireshark caps because I noticed some malformed packets related to udp-RDP; that can mean something, maybe we can get a lead from it. The other thing: I can ask my senior network engineer about this issue, but he mainly uses pfSense, so no clue if he can help. So far, thank you for helping me and giving ideas where to look.

Managed to get a capture. I'm getting out-of-order packets from the management portal, but for what f-ing reason? It's keeping me awake since last Friday.

Honestly, without proper knowledge of your network's setup there is no way to follow up.

As you mentioned Proxmox, you should have a look at its configuration. It seems to me as if your networks are not properly separated and incoming TCP connections are being broken at some point.