Solved

Watchguard is blocking IP address

Posted on 2009-04-21
Last Modified: 2013-11-16
I have a Firebox X Edge. I see in the logs it is arbitrarily blocking an IP address. The IP address it happens to be blocking is from RIM (Blackberry). I've been on support with them because our Blackberrys are not getting email anymore. They are unable to ping my IP and they cannot telnet to my mail server. Any other IP I try to ping and telnet from works fine. All my other users are able to POP with no problem. I can see in the Watchguard logs that they are being blocked.

Apr 21 20:10:52  kernel  deny in eth0 60 tcp 20 48 67.223.81.253 71.189.24.131 39340 143 syn (default)
Apr 21 20:10:52  kernel  deny in eth0 60 tcp 20 49 67.223.81.253 71.189.24.131 39339 143 syn (default)
Apr 21 20:10:28  kernel  deny in eth0 60 tcp 20 48 67.223.81.253 71.189.24.131 39340 143 syn (default)
Apr 21 20:10:28  kernel  deny in eth0 60 tcp 20 49 67.223.81.253 71.189.24.131 39339 143 syn (default)

So my question is how in the heck do I unblock them? I cannot find anywhere that I can unblock them or make this thing not block them. I was going to try and open up ports 1-65535 from all of their IP ranges, but doing so I somehow blocked myself out of being able to RDP to the server....

Any help would be much appreciated.

--Steve
0
Question by:Steve Marin
6 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24208460
Looking at the logs, the server is trying to initiate a connection from outside (internet) for the internal network; this would be denied by default. You need to add a service and forward the ports to an internal machine for which the communication is intended.

Can you advise if this communication is for a single machine or multiple machines?

Also, some details about the model and version of software so I can list out steps to you.

Thank you.
0
 
LVL 1

Author Comment

by:Steve Marin
ID: 24209017
I understand about the services for outside access; this already works fine from anywhere in the world except for Blackberry's IPs. I have my own mail server running and ports 25 and 110 are open to the internal IP 192.168.10.10 (which is my Linux mail server).

Here is the newest I see today.
Apr 22 13:00:22  kernel  deny in eth0 40 tcp 20 48 66.227.62.212 192.168.10.10 42614 25 ack rst (Non-est TCP)  
And here is what happens from an off net IP
root@pebkac-server:/# telnet mail.domain.com 25
Trying 71.XXX.XX.131...
Connected to mail.domain.com.
Escape character is '^]'.
220 ubuntu.domain.com ESMTP Postfix (Ubuntu)

Here are my specs for the Watchguard:
Firewall 8.5.1
Mar 2 2007
build 8138
Model X55e

Like I said, I just don't see anywhere that I can tell it to stop blocking this IP...


--Steve


0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24212065
The two entries are different. In the logs posted originally:
67.223.81.253 [which I think is a Blackberry IP] is sending TCP/143 (IMAP) traffic to 71.x.x.131

In the second log:
66.227.62.212 [I think again Blackberry traffic] is sending traffic to 192.168.10.10 [internal IP of server]; typically you should be sending traffic to 71.x.x.131 instead.
Is there a DNS server which is resolving the domain name as the internal IP on Blackberry?
Also, the log only indicates that the firewall blocked an ACK/RST packet; however, there was no established connection between the communicating addresses.

If you would observe, when you tried telnet mail.domain.com 25, the IP which was tried was:
Trying 71.XXX.XX.131...

I think it is a DNS problem.

Thank you.
0
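A way to triage the deny lines quoted in this thread, as an added example that is not part of any post here: it parses the five log lines above and labels each one with the reading given in the replies. The regular expression, the function names and the use of 25 and 110 as the forwarded ports (taken from the poster's description) are assumptions of the example.

```python
import re
from collections import Counter

# The deny lines quoted in the thread, one entry per line.
SAMPLE_LOG = """\
Apr 21 20:10:52  kernel  deny in eth0 60 tcp 20 48 67.223.81.253 71.189.24.131 39340 143 syn (default)
Apr 21 20:10:52  kernel  deny in eth0 60 tcp 20 49 67.223.81.253 71.189.24.131 39339 143 syn (default)
Apr 21 20:10:28  kernel  deny in eth0 60 tcp 20 48 67.223.81.253 71.189.24.131 39340 143 syn (default)
Apr 21 20:10:28  kernel  deny in eth0 60 tcp 20 49 67.223.81.253 71.189.24.131 39339 143 syn (default)
Apr 22 13:00:22  kernel  deny in eth0 40 tcp 20 48 66.227.62.212 192.168.10.10 42614 25 ack rst (Non-est TCP)
"""
# Assumption: the inbound ports the poster says are forwarded to the mail server.
FORWARDED_PORTS = {25, 110}

# Only the fields the thread interprets are named; the three bare numbers
# are skipped because the thread does not say what they mean.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+kernel\s+deny\s+(?P<dir>in|out)\s+"
    r"(?P<iface>\S+)\s+\d+\s+(?P<proto>\w+)\s+\d+\s+\d+\s+"
    r"(?P<src>[\d.]+)\s+(?P<dst>[\d.]+)\s+(?P<sport>\d+)\s+(?P<dport>\d+)\s+"
    r"(?P<flags>[a-z ]*?)\s*\((?P<reason>[^)]*)\)\s*$"
)

def parse(log_text):
    """Return one dict per deny line that matches the format above."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["dport"] = int(e["dport"])
            e["flags"] = frozenset(e["flags"].split())
            entries.append(e)
    return entries

def verdict(e, forwarded=FORWARDED_PORTS):
    """Label a denied packet the way the replies in the thread read it."""
    if e["flags"] == {"syn"} and e["dport"] not in forwarded:
        return "new connection to a port with no forwarding rule"
    if "syn" not in e["flags"]:
        return "packet outside any established connection"
    return "new connection denied although the port is forwarded"

def summarize(log_text):
    return Counter((e["src"], e["dport"], verdict(e)) for e in parse(log_text))

if __name__ == "__main__":
    for (src, dport, why), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {src} -> port {dport}: {why}")
```

On the sample, the four denied SYNs all target port 143, which is not among the ports the poster lists as forwarded, while the port 25 entry is an ACK/RST with no matching connection.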

 
LVL 1

Accepted Solution

by:
Steve Marin earned 0 total points
ID: 25408954
This just fixed itself, I have a feeling that BIS had something going on that day.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 25410166
Good to know the problem is resolved.
0
 
LVL 1

Author Comment

by:Steve Marin
ID: 25608176
This just fixed itself, I have a feeling that BIS had something going on that day.
0
