Having trouble understanding why traffic is being blocked.

Started by icsy7867, May 09, 2022, 04:12:58 PM

Hello, and I apologize if this is not the right place to post this. I am not sure what is going on and I can't figure it out! I have a VPS connected to my internal network via my Protectli box (currently running 22.1.6).

Everything was working until sometime a couple of days ago. I have not changed anything, but certain traffic to/from my Kubernetes node in the cloud started to be blocked.

Here it is, 6443, Kubernetes traffic being blocked. (I blacked out part of my VLAN name as it has some identifying information.)


And then I have another rule that allows all 192.168.0.0/16.  Due to some of my cloud things, I have created an alias that I call "localnet" that has a few addresses in it.



From my understanding this should not be blocked.  I have no other block rules.  And "block private subnets" is unchecked.  Any ideas?

So is it really blocked or are you just seeing blocked packets but the connection is working?

In most of these cases the "state violation" is being detected on the link due to stray "reset" or "fin" flagged TCP packets. You can see this from the details button of the live view.


Cheers,
Franco
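
One way to answer the question in the reply above (really blocked, or only stray packets showing up as blocked), as an added example that is not from the thread or from the firewall project. It assumes a simplified, constructed CSV of log entries rather than the firewall's native log format; the function names and sample addresses are hypothetical.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample: simplified CSV (action,src,sport,dst,dport,flags),
# NOT the firewall's native log format. Flags use pf letters:
# S=SYN A=ACK F=FIN R=RST P=PSH.
SAMPLE = """\
pass,192.168.10.5,51000,10.8.0.2,6443,S
block,192.168.10.5,51000,10.8.0.2,6443,FA
block,192.168.10.5,51000,10.8.0.2,6443,R
block,192.168.20.7,40222,192.168.30.9,443,S
block,192.168.20.8,40300,192.168.30.9,8443,PA
"""

def classify(flags):
    """Label one blocked TCP packet by what its flags imply."""
    f = set(flags)
    if "S" in f and "A" not in f:
        return "new-connection"      # SYN denied: connection setup is refused
    if f & {"F", "R"}:
        return "stray-teardown"      # FIN/RST arriving after the state is gone
    return "no-state-midstream"      # ACK/data with no matching state

def summarize(text):
    """Return {flow: verdict} for every flow with at least one blocked packet."""
    seen = defaultdict(set)
    for action, src, sport, dst, dport, flags in csv.reader(StringIO(text)):
        if action == "block":
            seen[(src, sport, dst, dport)].add(classify(flags))
    verdicts = {}
    for flow, kinds in seen.items():
        if "new-connection" in kinds:
            verdicts[flow] = "really blocked"
        elif kinds == {"stray-teardown"}:
            verdicts[flow] = "log noise"
        else:
            verdicts[flow] = "investigate state/routing"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in summarize(SAMPLE).items():
        print(flow, "->", verdict)
```

A flow whose only blocked packets carry FIN or RST was most likely closed normally before those packets arrived; a blocked bare SYN means the connection itself is being refused.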

I'm having this exact same issue. And it's actually blocking things, that's how I discovered it. I have many VLANs and certain traffic is being blocked due to the opaque "Default Deny / State" error, which is odd as I have Allow All inter-VLAN and no denies. There should be 0 blocks between VLANs. I did check the reasons and there is no flag set on the packets, so that rules out a reset flag issue... It blocks connections between different pieces of my network infrastructure and servers as an example. I'm curious why there is a default deny rule on the internal networks? I don't see any system deny rules in internal networks; the only default deny rules are on the floating rules default section, but there's no explanation of what's being blocked.

Thanks a bunch, this is really screwing with some internal sites that just randomly are inaccessible due to this block.