UFW blocking certain incoming requests and not sure why
 

Hi,

I'm a firewall beginner, so please be kind.

I'm running UFW (Uncomplicated/Ubuntu FireWall) on a computer acting as a Privoxy server for my LAN and have set it up as follows (only the relevant info is given):
"Privoxy" is defined as follows:
I'm noticing a large number of [UFW BLOCK] entries of the following type:
The Source Port varies, but only between 598xx - 60xxx.

I've determined that the Source IP address is one of my devices, and that I was probably using it to listen to a BBC iPlayer radio show at the time. The Source IP address lies within the range permitted by the Firewall rule. The Destination IP address and port is Privoxy, so nothing untoward there.

So, why is UFW blocking these incoming requests? If the Source IP Address, Destination Port and Destination IP Address are all valid, shouldn't UFW let these requests through?

You're at LQ. We're always kind.


May have something to do with flags but until we see your 'iptables-save' output we won't know.

Aha. Ok. Just tell me how to access the information you require, and I'll post it.

Running should show you and if it resides in for examle /sbin you could run which would redirect the output to the file "/tmp/iptables.txt" which you can then attach to your reply. Do check for and if necessary obfuscate any external (not LAN range) IP addresses before posting.

Thanks for the quick replies. Here's the content you asked for:

Make sure you still have the previous rule set file (if anything fails you can load it similarly) and reload rule set below like this:
*The only thing this does is change the logging rule tags so it becomes easier to see which block rule actually logs this. All other rules remain the same.

Sorry for not responding sooner. Truth is I didn't fully understand your last response. So to clarify:

1) I copy the code at the end of your post into a file called "smells_of_elderberries.ufw1.txt" (or whatever)

2) On the server, do:
3) Then do:
What then? I'm not clear on what running this shell script will do, or what I should do with any result.

From what you say, once I've done that I should then return my settings to their original settings by repeating step 1 above, only replacing the text file with one that contains the code I myself posted in post 5 above.

Is that right?

Are you certain your subnet is a /28? I'm guessing (since your IPs start with 172) you're probably in the RFC 1918 space, where subnetting to /24 is far more common. If the SRC host is not within the /28 (i.e., wrong subnetting) you might have some not allowed in to Privoxy.

I just tried increasing the subnet range to /24, but tail -f /var/log/syslog still shows UFW blocking requests to port 8118. :(

Thanks though.

The script will run the command which loads the rule set into memory (activates it). The only change in the rule set is the logging text. That's done so you can see which rule actually blocks traffic.


No, once you restore settings (say by running the backup rule set with) you'll void the changes. For more see your newest thread.

I didn't think there was any overlap in the threads, but I suppose it makes sense to start using iptables directly and see whether, once the rules I need are in place, the same problems occur.

I'll consider this thread closed unless I decide that iptables really isn't for me.

Thanks for the assist.