Community Forum

Resolved
0 votes
Good Morning, I'm having some stranger issues with firewall and multiwan.

I have 2 dedicated links with static ip's, one primary with 100mb and other with 34mb in standby. Since june 5th i got an error of link down on the primary link. I activated de secondary link and everything works fine.

But now when i try to reactivate the primary link i always got a "IPv4 Firewall Error - Restricted Access Only" and internet stops working but when i switch to the secondary again everything starts working again.

could anyone face any similar issue like that? or have any advice?

Thanks
Friday, June 09 2017, 12:35 PM
Share this post:
Responses (18)
  • Accepted Answer

    Tuesday, July 25 2017, 02:12 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    There does not look like there is anything in the script to cause any looping when creating the firewall rules. It could be the files /etc/netify-fwa.conf or /usr/clearos/apps/netify_fwa/deploy/netify-fwa.sed have duplicate data in them. Can you post them both?

    The firewall panic seems because of MultiWAN, perhaps where you have multiwan loaded but only a single WAN IP address showing or something like that. It would take me a while to understand what is going on. It would be better for the devs to look at it.



    Sorry for the delay Nick


    [nfa]
    disable_protocol_rules = false
    disable_service_rules = false
    file_pid = /run/netify-fwa/netify-fwa.pid
    file_reload_lock = /run/netify-fwa/netify-fwa.reload
    file_state = /var/lib/netify-fwa/state.dat
    rule_ttl = 600
    rule_mark_base = 0x900000
    syslog_facility = local0

    [netify]
    node = /var/lib/netifyd/netifyd.sock
    service = 0

    [service_whitelist]

    [protocol_whitelist]

    [service_rules]



    # Netify FWA rule parser for firewall scriptlet

    # Remove rule prefix
    s/^rule\[[0-9]*\][[:space:]]*=[[:space:]]*//g

    # Remove rule enabled flag from end of rule
    s/,1$//g
    s/,true$//g

    # Substitute commas with spaces
    s/,/ /g

    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, July 11 2017, 06:03 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:
    In ClearOS 7.x are you aware that iptables now has a -C (check) switch? It should make firewall checking easier. I don't think the switch exists in 6.x.


    Nick,

    Apologize for the delay.

    Yes, I'm aware of the -C iptables switch, and it is actually used several times in that script.

    Unfortunately you can't use -C to check if a chain exists, it only works for rules. So the script uses -L to list the chain to check and if it fails then the chain is created. The script wasn't redirecting the output from -L thus a reload generated a lot of noise which appeared as though rules were being added over-and-over...
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 29 2017, 08:30 PM - #Permalink
    Resolved
    0 votes
    Hi Darryl,
    I'm on the road at the moment. I'll file a bug when I'm back at a PC.
    In ClearOS 7.x are you aware that iptables now has a -C (check) switch? It should make firewall checking easier. I don't think the switch exists in 6.x.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 29 2017, 05:39 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:
    I've filed bug 15481 for the netify/firewall issue, but please can you post the contents of two files I requested?


    Nick,

    I've fixed the verbose output from 10-netify-fwa on firewall reloads. It wasn't actually inserting rules over-and-over... it was simply checking to see if the chains it needed existed (by using iptables -L). The output from that check was intended to be discarded (2>/dev/null), but that was wrong as -L output would be sent to stdout not stderr. I've fixed that in the latest version.

    The real issue here is the multiWAN bug (nil value causing a panic). I'll try to replicate it here. I see why it's happening but not sure how that's even possible. More to come.

    Would you mind creating a new bug tracker entry for this specific issue and assign it to me?
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, June 27 2017, 05:39 PM - #Permalink
    Resolved
    0 votes
    Hello Daniel,

    I've filed bug 15481 for the netify/firewall issue, but please can you post the contents of two files I requested?

    For the firewall panic, did you just disconnect one WAN and reboot or did you change any configuration as well?

    Nick
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 26 2017, 07:40 PM - #Permalink
    Resolved
    0 votes
    There does not look like there is anything in the script to cause any looping when creating the firewall rules. It could be the files /etc/netify-fwa.conf or /usr/clearos/apps/netify_fwa/deploy/netify-fwa.sed have duplicate data in them. Can you post them both?

    The firewall panic seems because of MultiWAN, perhaps where you have multiwan loaded but only a single WAN IP address showing or something like that. It would take me a while to understand what is going on. It would be better for the devs to look at it.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 26 2017, 12:47 PM - #Permalink
    Resolved
    0 votes
    Nick and Dave, I tried to boot with only the fastest internet link and it shows the UG Flag with the gateway but the IPV4 Firewall starts in panic mode. I run the "firewall start -d" and got this error at the end of the log:

    firewall: Error: /usr/clearos/apps/firewall/deploy/firewall.lua:2232: bad argument #1 to 'pairs' (table expected, got nil)
    firewall: Running firewall panic mode...

    Any ideas?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 26 2017, 11:59 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    @Dave,
    Are you able to spot the error with the netify script which is loading the firewall rules too often? Is there a race somewhere caused by the -w flag in iptables? Is NFA_RELOAD_TIMEOUT big enough?


    How can i do this Nick?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 19 2017, 06:58 PM - #Permalink
    Resolved
    0 votes
    @Dave,
    Are you able to spot the error with the netify script which is loading the firewall rules too often? Is there a race somewhere caused by the -w flag in iptables? Is NFA_RELOAD_TIMEOUT big enough?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 19 2017, 05:52 PM - #Permalink
    Resolved
    0 votes
    Dave Loper wrote:

    Do the following to troubleshoot...

    Stop the netify services (Protocol Filter and Application Filter)

    Next, pull the connection on the slower ISP while monitoring the syswatch logs.

    When the faster pipe is the only pipe, does the internet work? If not, see if you can ping using the following command

    ping -I eno1 8.8.8.8

    This will specifically send the ping down the eno1 interface.

    You can also see if you can ping the gateway interface for your eno1.

    Also, check your routing tables:

    netstat -rn

    Lastly, try rebooting your server with ONLY the faster connection attached.


    Dave Looks Like the faster connection is not getting the UG flag

    [root@gateway ~]# netstat -rn
    Kernel IP routing table
    Destination Gateway Genmask Flags MSS Window irtt Iface
    0.0.0.0 XXX.XXX.XXX.XXX 0.0.0.0 UG 0 0 0 eno2
    10.26.13.0 0.0.0.0 255.255.255.0 U 0 0 0 ens2f1
    YYY.YY.YY.YYY 0.0.0.0 255.255.255.248 U 0 0 0 eno1
    XXX.XXX.XXX.XXX 0.0.0.0 255.255.255.240 U 0 0 0 eno2
    [root@gateway ~]#
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 19 2017, 05:37 PM - #Permalink
    Resolved
    0 votes
    Daniel Luiz da Silva wrote:

    Nick Howitt wrote:

    I've edited your posts to put the data between code tags as I asked (for a reason - it makes the listings easier to read)

    The only thing that really stands out the the Netify rules seem to load over and over again and this must be wrong. Hopefully Dave will see this and post back.

    Please can you post the contents of /etc/clearos/firewall.d/10-netify-fwa?


    I don't have this archive
    [root@gateway firewall.d]# ls
    10-netify-fwa 10-ntp 90-attack-detector custom local types
    [root@gateway firewall.d]#


    Sorry here is


    #!/bin/bash
    # Netify FWA Application Filter Scriptlet

    NFA_ACTION=DROP
    NFA_CHAIN=FORWARD
    NFA_EXEC="/usr/clearos/sandbox/usr/bin/php -q /usr/share/netify-fwa/netify-fwa.php"
    NFA_PID_FILE=/run/netify-fwa/netify-fwa.pid
    NFA_RELOAD_LOCK=/run/netify-fwa/netify-fwa.reload
    NFA_RELOAD_TIMEOUT=5
    NFA_CONF_FILE=/etc/netify-fwa.conf
    NFA_SED_FILE=/usr/clearos/apps/netify_fwa/deploy/netify-fwa.sed
    NFA_MARK_BASE=$($NFA_EXEC -m | grep NFA_MARK_BASE | sed -e 's/.*NFA_MARK_BASE.*=[[:space:]]*//g')
    NFA_BASE_MASK=$($NFA_EXEC -m | grep NFA_BASE_MASK | sed -e 's/.*NFA_BASE_MASK.*=[[:space:]]*//g')

    if [ ! -f $NFA_CONF_FILE ]; then
    fw_logger warning "Netify FWA config not found, not creating hook rules."
    elif [ ! -f $NFA_PID_FILE ]; then
    fw_logger warning "Netify FWA is not running, not creating hook rules."
    elif [ ! -d "/proc/$(cat $NFA_PID_FILE)" ]; then
    fw_logger warning "Netify FWA is not running, not creating hook rules."
    else
    touch $NFA_RELOAD_LOCK
    kill -USR1 $(cat $NFA_PID_FILE)
    while [ $NFA_RELOAD_TIMEOUT -gt 0 ]; do
    [ -f $NFA_RELOAD_LOCK ] || break
    sleep 1
    NFA_RELOAD_TIMEOUT=$[ $NFA_RELOAD_TIMEOUT - 1 ]
    done

    if [ -f $NFA_RELOAD_LOCK ]; then
    fw_logger warning "Netify FWA took too long to reload."
    else
    egrep '^rule\[.*,(1|true)$' $NFA_CONF_FILE | sed -f $NFA_SED_FILE | sort | uniq |\
    while read NFA_TABLE NFA_MARK_CHAIN NFA_ID; do
    if ! $IPTABLES -t $NFA_TABLE -L ${NFA_MARK_CHAIN}_INGRESS 2>/dev/null; then
    $IPTABLES -t $NFA_TABLE -N ${NFA_MARK_CHAIN}_INGRESS
    fi
    if ! $IPTABLES -t $NFA_TABLE -L ${NFA_MARK_CHAIN}_EGRESS 2>/dev/null; then
    $IPTABLES -t $NFA_TABLE -N ${NFA_MARK_CHAIN}_EGRESS
    fi
    if ! $IPTABLES -t $NFA_TABLE -C $NFA_CHAIN -j ${NFA_MARK_CHAIN}_INGRESS 2>/dev/null; then
    $IPTABLES -t $NFA_TABLE -A $NFA_CHAIN -j ${NFA_MARK_CHAIN}_INGRESS
    fi
    if ! $IPTABLES -t $NFA_TABLE -C $NFA_CHAIN -j ${NFA_MARK_CHAIN}_EGRESS 2>/dev/null; then
    $IPTABLES -t $NFA_TABLE -A $NFA_CHAIN -j ${NFA_MARK_CHAIN}_EGRESS
    fi
    done

    egrep '^rule\[.*,(1|true)$' $NFA_CONF_FILE | sed -f $NFA_SED_FILE | sort | uniq |\
    while read NFA_TABLE NFA_MARK_CHAIN NFA_ID; do
    if ! $IPTABLES -t $NFA_TABLE -C $NFA_CHAIN -m mark --mark $NFA_MARK_BASE/$NFA_BASE_MASK -j $NFA_ACTION 2>/dev/null; then
    $IPTABLES -t $NFA_TABLE -A $NFA_CHAIN -m mark --mark $NFA_MARK_BASE/$NFA_BASE_MASK -j $NFA_ACTION
    fi
    done
    fi
    fi
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 19 2017, 05:35 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    I've edited your posts to put the data between code tags as I asked (for a reason - it makes the listings easier to read)

    The only thing that really stands out the the Netify rules seem to load over and over again and this must be wrong. Hopefully Dave will see this and post back.

    Please can you post the contents of /etc/clearos/firewall.d/10-netify-fwa?


    I don't have this archive
    [root@gateway firewall.d]# ls
    10-netify-fwa 10-ntp 90-attack-detector custom local types
    [root@gateway firewall.d]#
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, June 18 2017, 01:14 AM - #Permalink
    Resolved
    0 votes
    Do the following to troubleshoot...

    Stop the netify services (Protocol Filter and Application Filter)

    Next, pull the connection on the slower ISP while monitoring the syswatch logs.

    When the faster pipe is the only pipe, does the internet work? If not, see if you can ping using the following command

    ping -I eno1 8.8.8.8

    This will specifically send the ping down the eno1 interface.

    You can also see if you can ping the gateway interface for your eno1.

    Also, check your routing tables:

    netstat -rn

    Lastly, try rebooting your server with ONLY the faster connection attached.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 15 2017, 08:20 PM - #Permalink
    Resolved
    0 votes
    I've edited your posts to put the data between code tags as I asked (for a reason - it makes the listings easier to read)

    The only thing that really stands out the the Netify rules seem to load over and over again and this must be wrong. Hopefully Dave will see this and post back.

    Please can you post the contents of /etc/clearos/firewall.d/10-netify-fwa?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 12 2017, 07:24 PM - #Permalink
    Resolved
    0 votes
    Activity of Syswatch

    I tryed to swtch back to eno1 and standby eno2 but again internet goes down, then swtch both to primary and internet goes up, both connections shows online, but all traffic goes to eno2

    try to add a source rule to all traffic to eno1 but seems no effect.


    Mon Jun 12 13:59:17 2017 info: system - heartbeat...
    Mon Jun 12 14:09:18 2017 info: system - heartbeat...
    Mon Jun 12 14:19:18 2017 info: system - heartbeat...
    Mon Jun 12 14:19:20 2017 debug: eno2 - ping check on server #1 failed - 8.8.8.8 (ping size: 1)
    Mon Jun 12 14:22:22 2017 debug: eno2 - ping check on server #1 failed - 8.8.8.8 (ping size: 1)
    Mon Jun 12 14:29:23 2017 info: system - heartbeat...
    Mon Jun 12 14:37:33 2017 info: system - syswatch terminated
    Mon Jun 12 14:37:33 2017 info: system - syswatch started
    Mon Jun 12 14:37:33 2017 info: config - IP referrer disabled in multi-WAN
    Mon Jun 12 14:37:33 2017 info: config - IP referrer tool is installed
    Mon Jun 12 14:37:33 2017 info: config - debug level - 0
    Mon Jun 12 14:37:33 2017 info: config - retries - 3
    Mon Jun 12 14:37:33 2017 info: config - heartbeat - 15
    Mon Jun 12 14:37:33 2017 info: config - interval - 20 seconds
    Mon Jun 12 14:37:33 2017 info: config - offline interval - 10 seconds
    Mon Jun 12 14:37:33 2017 info: config - referrer IP detection - disabled
    Mon Jun 12 14:37:33 2017 info: config - ping server auto-detect - enabled
    Mon Jun 12 14:37:33 2017 info: config - try pinging gateway - yes
    Mon Jun 12 14:37:33 2017 info: config - number of external networks - 2
    Mon Jun 12 14:37:33 2017 info: config - monitoring external network - eno2
    Mon Jun 12 14:37:33 2017 info: config - monitoring external network - eno1
    Mon Jun 12 14:37:33 2017 info: config - number of standby networks - 0
    Mon Jun 12 14:37:33 2017 info: info - loading network configuration
    Mon Jun 12 14:37:33 2017 info: info - network configuration for eno2 - config: ifcfg-eno2
    Mon Jun 12 14:37:33 2017 info: info - network configuration for eno2 - onboot: enabled
    Mon Jun 12 14:37:33 2017 info: info - network configuration for eno2 - type: static
    Mon Jun 12 14:37:33 2017 info: info - network configuration for eno2 - wifi: disabled
    Mon Jun 12 14:37:33 2017 info: info - network configuration for eno2 - gateway: XXX.XXX.XXX.XXX
    Mon Jun 12 14:37:33 2017 info: info - network configuration for eno1 - config: ifcfg-eno1
    Mon Jun 12 14:37:33 2017 info: info - network configuration for eno1 - onboot: enabled
    Mon Jun 12 14:37:33 2017 info: info - network configuration for eno1 - type: static
    Mon Jun 12 14:37:33 2017 info: info - network configuration for eno1 - wifi: disabled
    Mon Jun 12 14:37:33 2017 info: info - network configuration for eno1 - gateway: YYY.YY.YY.YYY
    Mon Jun 12 14:37:33 2017 info: eno2 - network - IP address - XXX.XXX.XXX.XXX
    Mon Jun 12 14:37:33 2017 info: eno2 - network - gateway - XXX.XXX.XXX.XXX
    Mon Jun 12 14:37:33 2017 info: eno2 - network - type - public IP range
    Mon Jun 12 14:37:33 2017 info: eno1 - network - IP address - YYY.YY.YY.YYY
    Mon Jun 12 14:37:33 2017 info: eno1 - network - gateway - YYY.YY.YY.YYY
    Mon Jun 12 14:37:33 2017 info: eno1 - network - type - public IP range
    Mon Jun 12 14:37:33 2017 info: system - changing active WAN list - eno1 eno2 (was startup)
    Mon Jun 12 14:37:33 2017 info: system - current WANs in use - eno1 eno2
    Mon Jun 12 14:37:33 2017 info: system - restarting firewall
    Mon Jun 12 14:37:57 2017 info: system - updating intrusion prevention whitelist
    Mon Jun 12 14:37:57 2017 info: system - adding ping server 54.152.208.245
    Mon Jun 12 14:37:57 2017 info: system - adding ping server 8.8.8.8
    Mon Jun 12 14:37:57 2017 info: system - adding DNS server 8.8.8.8
    Mon Jun 12 14:37:57 2017 info: system - adding DNS server 208.67.222.222
    Mon Jun 12 14:37:57 2017 info: system - adding DNS server 8.8.4.4
    Mon Jun 12 14:37:57 2017 info: system - reloading intrusion prevention system
    Mon Jun 12 14:38:04 2017 info: system - dynamic DNS updated
    Mon Jun 12 14:40:22 2017 info: system - syswatch terminated
    Mon Jun 12 14:40:22 2017 info: system - syswatch started
    Mon Jun 12 14:40:22 2017 info: config - IP referrer tool is installed
    Mon Jun 12 14:40:22 2017 info: config - debug level - 0
    Mon Jun 12 14:40:22 2017 info: config - retries - 5
    Mon Jun 12 14:40:22 2017 info: config - heartbeat - 10
    Mon Jun 12 14:40:22 2017 info: config - interval - 60 seconds
    Mon Jun 12 14:40:22 2017 info: config - offline interval - 10 seconds
    Mon Jun 12 14:40:22 2017 info: config - referrer IP detection - enabled
    Mon Jun 12 14:40:22 2017 info: config - ping server auto-detect - enabled
    Mon Jun 12 14:40:22 2017 info: config - try pinging gateway - yes
    Mon Jun 12 14:40:22 2017 info: config - number of external networks - 1
    Mon Jun 12 14:40:22 2017 info: config - monitoring external network - eno1
    Mon Jun 12 14:40:22 2017 info: config - number of standby networks - 1
    Mon Jun 12 14:40:22 2017 info: config - standby network - eno2
    Mon Jun 12 14:40:22 2017 info: info - loading network configuration
    Mon Jun 12 14:40:22 2017 info: info - network configuration for eno1 - config: ifcfg-eno1
    Mon Jun 12 14:40:22 2017 info: info - network configuration for eno1 - onboot: enabled
    Mon Jun 12 14:40:22 2017 info: info - network configuration for eno1 - type: static
    Mon Jun 12 14:40:22 2017 info: info - network configuration for eno1 - wifi: disabled
    Mon Jun 12 14:40:22 2017 info: info - network configuration for eno1 - gateway: YYY.YY.YY.YYY
    Mon Jun 12 14:40:22 2017 info: eno1 - network - IP address - YYY.YY.YY.YYY
    Mon Jun 12 14:40:22 2017 info: eno1 - network - gateway - YYY.YY.YY.YYY
    Mon Jun 12 14:40:22 2017 info: eno1 - network - type - public IP range
    Mon Jun 12 14:40:22 2017 info: system - changing active WAN list - eno1 (was startup)
    Mon Jun 12 14:40:22 2017 info: system - current WANs in use - eno1
    Mon Jun 12 14:40:22 2017 info: system - restarting firewall
    Mon Jun 12 14:40:31 2017 info: system - updating intrusion prevention whitelist
    Mon Jun 12 14:40:31 2017 info: system - adding ping server 54.152.208.245
    Mon Jun 12 14:40:31 2017 info: system - adding ping server 8.8.8.8
    Mon Jun 12 14:40:31 2017 info: system - adding DNS server 8.8.8.8
    Mon Jun 12 14:40:31 2017 info: system - adding DNS server 208.67.222.222
    Mon Jun 12 14:40:31 2017 info: system - adding DNS server 8.8.4.4
    Mon Jun 12 14:40:31 2017 info: system - reloading intrusion prevention system
    Mon Jun 12 14:40:52 2017 warn: system - dynamic DNS update failed - see system log
    Mon Jun 12 14:40:52 2017 info: system - DNS update will try again on next heartbeat
    Mon Jun 12 14:42:26 2017 info: system - syswatch terminated
    Mon Jun 12 14:42:26 2017 info: system - syswatch started
    Mon Jun 12 14:42:26 2017 info: config - IP referrer disabled in multi-WAN
    Mon Jun 12 14:42:26 2017 info: config - IP referrer tool is installed
    Mon Jun 12 14:42:26 2017 info: config - debug level - 0
    Mon Jun 12 14:42:26 2017 info: config - retries - 3
    Mon Jun 12 14:42:26 2017 info: config - heartbeat - 15
    Mon Jun 12 14:42:26 2017 info: config - interval - 20 seconds
    Mon Jun 12 14:42:26 2017 info: config - offline interval - 10 seconds
    Mon Jun 12 14:42:26 2017 info: config - referrer IP detection - disabled
    Mon Jun 12 14:42:26 2017 info: config - ping server auto-detect - enabled
    Mon Jun 12 14:42:26 2017 info: config - try pinging gateway - yes
    Mon Jun 12 14:42:26 2017 info: config - number of external networks - 2
    Mon Jun 12 14:42:26 2017 info: config - monitoring external network - eno2
    Mon Jun 12 14:42:26 2017 info: config - monitoring external network - eno1
    Mon Jun 12 14:42:26 2017 info: config - number of standby networks - 0
    Mon Jun 12 14:42:26 2017 info: info - loading network configuration
    Mon Jun 12 14:42:26 2017 info: info - network configuration for eno2 - config: ifcfg-eno2
    Mon Jun 12 14:42:26 2017 info: info - network configuration for eno2 - onboot: enabled
    Mon Jun 12 14:42:26 2017 info: info - network configuration for eno2 - type: static
    Mon Jun 12 14:42:26 2017 info: info - network configuration for eno2 - wifi: disabled
    Mon Jun 12 14:42:26 2017 info: info - network configuration for eno2 - gateway: XXX.XXX.XXX.XXX
    Mon Jun 12 14:42:26 2017 info: info - network configuration for eno1 - config: ifcfg-eno1
    Mon Jun 12 14:42:26 2017 info: info - network configuration for eno1 - onboot: enabled
    Mon Jun 12 14:42:26 2017 info: info - network configuration for eno1 - type: static
    Mon Jun 12 14:42:26 2017 info: info - network configuration for eno1 - wifi: disabled
    Mon Jun 12 14:42:26 2017 info: info - network configuration for eno1 - gateway: YYY.YY.YY.YYY
    Mon Jun 12 14:42:26 2017 info: eno2 - network - IP address - XXX.XXX.XXX.XXX
    Mon Jun 12 14:42:26 2017 info: eno2 - network - gateway - XXX.XXX.XXX.XXX
    Mon Jun 12 14:42:26 2017 info: eno2 - network - type - public IP range
    Mon Jun 12 14:42:26 2017 info: eno1 - network - IP address - YYY.YY.YY.YYY
    Mon Jun 12 14:42:26 2017 info: eno1 - network - gateway - YYY.YY.YY.YYY
    Mon Jun 12 14:42:26 2017 info: eno1 - network - type - public IP range
    Mon Jun 12 14:42:26 2017 info: system - changing active WAN list - eno1 eno2 (was startup)
    Mon Jun 12 14:42:26 2017 info: system - current WANs in use - eno1 eno2
    Mon Jun 12 14:42:26 2017 info: system - restarting firewall
    Mon Jun 12 14:42:49 2017 info: system - updating intrusion prevention whitelist
    Mon Jun 12 14:42:49 2017 info: system - adding ping server 54.152.208.245
    Mon Jun 12 14:42:49 2017 info: system - adding ping server 8.8.8.8
    Mon Jun 12 14:42:49 2017 info: system - adding DNS server 8.8.8.8
    Mon Jun 12 14:42:49 2017 info: system - adding DNS server 208.67.222.222
    Mon Jun 12 14:42:49 2017 info: system - adding DNS server 8.8.4.4
    Mon Jun 12 14:42:49 2017 info: system - reloading intrusion prevention system
    Mon Jun 12 14:42:53 2017 info: system - dynamic DNS updated
    Mon Jun 12 14:47:54 2017 info: system - heartbeat...
    Mon Jun 12 14:52:56 2017 info: system - heartbeat...
    Mon Jun 12 14:57:57 2017 info: system - heartbeat...
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 12 2017, 07:12 PM - #Permalink
    Resolved
    0 votes
    My two links are:
    eno1= YYY.YY.YY.YYY THE PRIMARY ONE WHOS NOT COMING BACK ALIVE
    eno2= XXX.XXX.XXX.XXX THE SECONDARY ONE WHO IS ALIVE BUT IS SLOW





    firewall: Starting firewall...
    firewall: Loading environment
    firewall: FW_MODE=gateway
    firewall: FW_PROTO=ipv4
    firewall: WANIF=eno1
    firewall: WANIF=eno2
    firewall: LANIF=ens2f1
    firewall: SYSWATCH_WANIF=eno1
    firewall: SYSWATCH_WANIF=eno2
    firewall: WIFIF=
    firewall: BANDWIDTH_QOS=off
    firewall: QOS_ENGINE=internal
    firewall: SQUID_USER_AUTHENTICATION=off
    firewall: SQUID_TRANSPARENT=on
    firewall: IPSEC_SERVER=off
    firewall: PPTP_SERVER=off
    firewall: ONE_TO_ONE_NAT_MODE=type2
    firewall: MULTIPATH_WEIGHTS=eno2|1
    firewall: MULTIPATH_WEIGHTS=eno1|1
    firewall: RULES=||0x10000080|6|XXX.XXX.XXX.XXX||eno2_10.26.13.2
    firewall: RULES=||0x10000080|6|YYY.YY.YY.YYY||eno1_10.26.13.2
    firewall: RULES=||0x10000080|17|XXX.XXX.XXX.XXX||eno2_10.26.13.2
    firewall: RULES=||0x10000080|17|YYY.YY.YY.YYY||eno1_10.26.13.2
    firewall: RULES=Administrativo||0x10000800|0|10.26.13.2||eno1
    firewall: RULES=SSH||0x00000001|6||22|
    firewall: RULES=webconfig||0x10000001|6||81|
    firewall: FW_DROP=DROP
    firewall: FW_ACCEPT=ACCEPT
    firewall: IPBIN=/sbin/ip
    firewall: TCBIN=/sbin/tc
    firewall: MODPROBE=/sbin/modprobe
    firewall: RMMOD=/sbin/rmmod
    firewall: SYSCTL=/sbin/sysctl
    firewall: IFCONFIG=/sbin/ifconfig
    firewall: PPTP_PASSTHROUGH_FORCE=no
    firewall: EGRESS_FILTERING=off
    firewall: PROTOCOL_FILTERING=off
    firewall: Detected WAN role for interface: eno1
    firewall: Detected WAN role for interface: eno2
    firewall: Detected LAN role for interface: ens2f1
    firewall: Setting kernel parameters
    firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh1=2048 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh2=8192 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh3=16384 >/dev/null = 0
    firewall: /sbin/sysctl -w net.netfilter.nf_conntrack_max=524288 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.ip_forward=1 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.tcp_syncookies=1 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.all.log_martians=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.all.send_redirects=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.default.accept_redirects=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.default.send_redirects=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1 >/dev/null = 0
    firewall: Detected WAN info - eno1 YYY.YY.YY.YYY on network YYY.YY.YY.YYY/29
    firewall: Detected WAN info - eno2 XXX.XXX.XXX.XXX on network XXX.XXX.XXX.XXX/28
    firewall: Detected LAN info - ens2f1 10.26.13.1 on network 10.26.13.0/24
    firewall: Using gateway mode
    firewall: Loading kernel modules
    firewall: /sbin/modprobe ipt_LOG >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ipt_REJECT >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe nf_conntrack_ipv4 >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_conntrack_ftp >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_conntrack_irc >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ppp_generic >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ppp_mppe >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_conntrack_proto_gre >/dev/null 2>&1 = 256
    firewall: /sbin/modprobe ip_conntrack_pptp >/dev/null 2>&1 = 0
    firewall: Loading kernel modules for NAT
    firewall: /sbin/modprobe ipt_MASQUERADE >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_nat_ftp >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_nat_irc >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_nat_proto_gre >/dev/null 2>&1 = 256
    firewall: /sbin/modprobe ip_nat_pptp >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_nat_h323 >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_nat_tftp >/dev/null 2>&1 = 0
    firewall: Setting default policy to DROP
    firewall: Defining custom chains
    firewall: iptables -t filter -A DROP-lan -j DROP
    firewall: Running blocked external rules
    firewall: Running custom rules
    firewall: Running common rules
    firewall: iptables -t filter -A INPUT -m state --state INVALID -j DROP
    firewall: iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
    firewall: iptables -t filter -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    firewall: iptables -t filter -A INPUT -i eno1 -s 127.0.0.0/8 -j DROP
    firewall: iptables -t filter -A INPUT -i eno1 -s 169.254.0.0/16 -j DROP
    firewall: iptables -t filter -A INPUT -i eno2 -s 127.0.0.0/8 -j DROP
    firewall: iptables -t filter -A INPUT -i eno2 -s 169.254.0.0/16 -j DROP
    firewall: iptables -t filter -A INPUT -i lo -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o lo -j ACCEPT
    firewall: iptables -t filter -A INPUT -i pptp+ -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o pptp+ -j ACCEPT
    firewall: iptables -t filter -A INPUT -i tun+ -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o tun+ -j ACCEPT
    firewall: iptables -t filter -A INPUT -i ens2f1 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o ens2f1 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno1 -p icmp --icmp-type 0 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno1 -p icmp --icmp-type 3 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno1 -p icmp --icmp-type 8 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno1 -p icmp --icmp-type 11 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eno1 -p icmp -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno1 -p udp --dport bootpc --sport bootps -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno1 -p tcp --dport bootpc --sport bootps -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eno1 -p udp --sport bootpc --dport bootps -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eno1 -p tcp --sport bootpc --dport bootps -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno2 -p icmp --icmp-type 0 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno2 -p icmp --icmp-type 3 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno2 -p icmp --icmp-type 8 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno2 -p icmp --icmp-type 11 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eno2 -p icmp -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno2 -p udp --dport bootpc --sport bootps -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno2 -p tcp --dport bootpc --sport bootps -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eno2 -p udp --sport bootpc --dport bootps -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eno2 -p tcp --sport bootpc --dport bootps -j ACCEPT
    firewall: Running incoming denied rules
    firewall: Running user-defined incoming rules
    firewall: Allowing incoming tcp port/range 81
    firewall: iptables -t filter -A INPUT -p 6 -d YYY.YY.YY.YYY --dport 81 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -p 6 -o eno1 -s YYY.YY.YY.YYY --sport 81 -j ACCEPT
    firewall: iptables -t filter -A INPUT -p 6 -d XXX.XXX.XXX.XXX --dport 81 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -p 6 -o eno2 -s XXX.XXX.XXX.XXX --sport 81 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -o tun+ -j ACCEPT
    firewall: Running default incoming allowed rules
    firewall: iptables -t filter -A OUTPUT -o eno1 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno1 -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno1 -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eno2 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno2 -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eno2 -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
    firewall: Running user-defined port forward rules
    firewall: /sbin/rmmod imq 2>/dev/null = 256
    firewall: /sbin/tc qdisc del dev eno1 root >/dev/null 2>&1 = 512
    firewall: /sbin/tc qdisc del dev eno2 root >/dev/null 2>&1 = 512
    firewall: Running 1-to-1 NAT rules
    firewall: Creating alias IP address for 1-to-1 NAT: YYY.YY.YY.YYY
    SIOCSIFFLAGS: Cannot assign requested address
    firewall: /sbin/ifconfig eno1:200 YYY.YY.YY.YYY netmask 255.255.255.248 up = 65280
    firewall: Creating alias IP address for 1-to-1 NAT: XXX.XXX.XXX.XXX
    SIOCSIFFLAGS: Cannot assign requested address
    firewall: /sbin/ifconfig eno2:XXX.XXX.XXX.XXX netmask 255.255.255.240 up = 65280
    firewall: Enabling 1:1 NAT eno2 10.26.13.2 - XXX.XXX.XXX.XXX
    firewall: iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -j DNAT --to 10.26.13.2
    firewall: iptables -t nat -A POSTROUTING -s 10.26.13.2 -j SNAT --to XXX.XXX.XXX.XXX
    firewall: iptables -t nat -A POSTROUTING -s 10.26.13.0/255.255.255.0 -d 10.26.13.2 -j SNAT --to 10.26.13.1
    firewall: iptables -t filter -A FORWARD -i eno2 -d 10.26.13.2 -j ACCEPT
    firewall: Enabling 1:1 NAT eno1 10.26.13.2 - YYY.YY.YY.YYY
    firewall: iptables -t nat -A PREROUTING -d YYY.YY.YY.YYY -j DNAT --to 10.26.13.2
    firewall: iptables -t nat -A POSTROUTING -s 10.26.13.2 -j SNAT --to YYY.YY.YY.YYY
    firewall: iptables -t nat -A POSTROUTING -s 10.26.13.0/255.255.255.0 -d 10.26.13.2 -j SNAT --to 10.26.13.1
    firewall: iptables -t filter -A FORWARD -i eno1 -d 10.26.13.2 -j ACCEPT
    firewall: Enabling 1:1 NAT eno2 10.26.13.2 - XXX.XXX.XXX.XXX
    firewall: iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -j DNAT --to 10.26.13.2
    firewall: iptables -t nat -A POSTROUTING -s 10.26.13.2 -j SNAT --to XXX.XXX.XXX.XXX
    firewall: iptables -t nat -A POSTROUTING -s 10.26.13.0/255.255.255.0 -d 10.26.13.2 -j SNAT --to 10.26.13.1
    firewall: iptables -t filter -A FORWARD -i eno2 -d 10.26.13.2 -j ACCEPT
    firewall: Enabling 1:1 NAT eno1 10.26.13.2 - YYY.YY.YY.YYY
    firewall: iptables -t nat -A PREROUTING -d YYY.YY.YY.YYY -j DNAT --to 10.26.13.2
    firewall: iptables -t nat -A POSTROUTING -s 10.26.13.2 -j SNAT --to YYY.YY.YY.YYY
    firewall: iptables -t nat -A POSTROUTING -s 10.26.13.0/255.255.255.0 -d 10.26.13.2 -j SNAT --to 10.26.13.1
    firewall: iptables -t filter -A FORWARD -i eno1 -d 10.26.13.2 -j ACCEPT
    firewall: Running user-defined proxy rules
    firewall: Content filter is online
    firewall: Web proxy is online
    firewall: iptables -t nat -A PREROUTING -p tcp -d 10.26.13.1 --dport 80 -j ACCEPT
    firewall: iptables -t nat -A PREROUTING -p tcp -d YYY.YY.YY.YYY --dport 80 -j ACCEPT
    firewall: iptables -t nat -A PREROUTING -p tcp -d XXX.XXX.XXX.XXX --dport 80 -j ACCEPT
    firewall: Enabled proxy+filter transparent mode for filter port: 8080
    firewall: iptables -t nat -A PREROUTING -i ens2f1 -p tcp --dport 80 -j REDIRECT --to-port 8080
    firewall: Blocking proxy port 3128 to force users through content filter
    firewall: iptables -t filter -I INPUT -p tcp ! -s 127.0.0.1 --dport 3128 -j DROP
    firewall: Running multipath
    firewall: /sbin/ip rule | grep -Ev '(local|main|default)' | while read PRIO RULE; do /sbin/ip rule del prio ${PRIO%%:*} 2>/dev/null; done = 0
    firewall: /sbin/ip rule | grep -Ev '(local|main|default)' | while read PRIO RULE; do /sbin/ip rule del $RULE prio ${PRIO%%:*} 2>/dev/null; done = 0
    firewall: /sbin/ip route flush table 50 = 0
    firewall: /sbin/ip route flush table 200 = 0
    firewall: Creating routing table for interface eno1
    firewall: /sbin/ip rule add prio 200 from YYY.YY.YY.YYY/29 table 200 = 0
    firewall: /sbin/ip route add default via YYY.YY.YY.YYY dev eno1 src 177.43.76.171 proto static table 200 = 0
    firewall: /sbin/ip route append prohibit default table 200 metric 1 proto static = 0
    firewall: /sbin/ip route flush table 201 = 0
    firewall: Creating routing table for interface eno2
    firewall: /sbin/ip rule add prio 201 from XXX.XXX.XXX.XXX/28 table 201 = 0
    firewall: /sbin/ip route add default via XXX.XXX.XXX.XXX dev eno2 src XXX.XXX.XXX.XXX proto static table 201 = 0
    firewall: /sbin/ip route append prohibit default table 201 metric 1 proto static = 0
    firewall: /sbin/ip route flush table 250 = 0
    firewall: Running multipath routing
    firewall: /sbin/ip rule add prio 50 table 50 = 0
    firewall: /sbin/ip rule add prio 100 fwmark 0x8000 table 100 = 0
    firewall: /sbin/ip rule add prio 101 fwmark 0x8001 table 101 = 0
    firewall: /sbin/ip route flush table 50 = 0
    firewall: /sbin/ip route ls table main | grep -Ev ^default | while read LINE; do /sbin/ip route add table 50 $LINE; done = 0
    firewall: /sbin/ip route flush table 100 = 0
    firewall: /sbin/ip route ls table main | grep -Ev ^default | while read LINE; do HOST=$(echo $LINE | awk '{ print $1 }'); DEV=$(echo $LINE | awk '{ print $3 }'); if [ "$HOST" == "YYY.YY.YY.YYY" -a "$DEV" != "eno1" ]; then continue; fi; /sbin/ip route add table 100 $LINE; done = 0
    firewall: /sbin/ip route add table 100 default via YYY.YY.YY.YYY dev eno1 = 0
    firewall: /sbin/ip route flush table 101 = 0
    firewall: /sbin/ip route ls table main | grep -Ev ^default | while read LINE; do HOST=$(echo $LINE | awk '{ print $1 }'); DEV=$(echo $LINE | awk '{ print $3 }'); if [ "$HOST" == "XXX.XXX.XXX.XXX" -a "$DEV" != "eno2" ]; then continue; fi; /sbin/ip route add table 101 $LINE; done = 0
    firewall: /sbin/ip route add table 101 default via XXX.XXX.XXX.XXX dev eno2 = 0
    firewall: /sbin/ip rule add prio 250 table 250 = 0
    firewall: /sbin/ip route add default table 250 proto static nexthop via YYY.YY.YY.YYY dev eno1 weight 1 nexthop via XXX.XXX.XXX.XXX dev eno2 weight 1 = 0
    firewall: iptables -t mangle -A MULTIWAN_eno1 -j MARK --set-mark 0x8000
    firewall: iptables -t mangle -A POSTROUTING -o eno1 -j CONNMARK --set-mark 0x8000
    firewall: iptables -t mangle -A FORWARD -i eno1 -j CONNMARK --set-mark 0x8000
    firewall: iptables -t mangle -A MULTIWAN_eno2 -j MARK --set-mark 0x8001
    firewall: iptables -t mangle -A POSTROUTING -o eno2 -j CONNMARK --set-mark 0x8001
    firewall: iptables -t mangle -A FORWARD -i eno2 -j CONNMARK --set-mark 0x8001
    firewall: iptables -t mangle -A MULTIWAN_RESTORE -j CONNMARK --restore-mark
    firewall: iptables -t mangle -A PREROUTING -i ens2f1 -m state --state NEW -j MULTIWAN_MARK
    firewall: iptables -t mangle -A PREROUTING -i ens2f1 -m state --state RELATED,ESTABLISHED -j MULTIWAN_RESTORE
    firewall: Adding source-based route rule: 10.26.13.2 -> YYY.YY.YY.YYY (eno1)
    firewall: iptables -t mangle -A MULTIWAN_MARK -s 10.26.13.2 -j MULTIWAN_eno1
    firewall: /sbin/ip route flush cache = 0
    firewall: Running Masquerading
    firewall: Enabling NAT on WAN interface eno1
    firewall: iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
    firewall: Enabling NAT on WAN interface eno2
    firewall: iptables -t nat -A POSTROUTING -o eno2 -j MASQUERADE
    firewall: Running user-defined outgoing block rules
    firewall: Running default forwarding rules
    firewall: iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    firewall: iptables -t filter -A FORWARD -i pptp+ -j ACCEPT
    firewall: iptables -t filter -A FORWARD -i tun+ -j ACCEPT
    firewall: iptables -t filter -A FORWARD -i ens2f1 -j ACCEPT
    firewall: Execution time: 1.604s
    firewall: Running post-firewall: 20730
    firewall: Running /etc/clearos/firewall.d/custom
    firewall: Running /etc/clearos/firewall.d/local
    firewall: Running /etc/clearos/firewall.d/10-netify-fwa
    Chain NETIFY_FWA_PROTOCOL_INGRESS (0 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (0 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_INGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 187.37.167.177 10.26.13.2 tcp spt:38940 MARK set 0x900025
    MARK udp -- 187.37.167.177 10.26.13.2 udp spt:38940 MARK set 0x900025
    MARK tcp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 tcp spt:43993 MARK set 0x900025
    MARK udp -- 106.red-81-34-30.dynamicip.rima-tde.net 10.26.13.2 udp spt:43993 MARK set 0x900025
    MARK tcp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 tcp spt:60572 MARK set 0x900025
    MARK udp -- 179-113-240-29.user.vivozap.com.br 10.26.13.2 udp spt:60572 MARK set 0x900025
    MARK tcp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 tcp spt:57257 MARK set 0x900025
    MARK udp -- c-73-87-169-55.hsd1.md.comcast.net 10.26.13.2 udp spt:57257 MARK set 0x900025
    Chain NETIFY_FWA_PROTOCOL_EGRESS (1 references)
    target prot opt source destination
    MARK tcp -- 10.26.13.2 187.37.167.177 tcp dpt:38940 MARK set 0x900025
    MARK udp -- 10.26.13.2 187.37.167.177 udp dpt:38940 MARK set 0x900025
    MARK tcp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net tcp dpt:43993 MARK set 0x900025
    MARK udp -- 10.26.13.2 106.red-81-34-30.dynamicip.rima-tde.net udp dpt:43993 MARK set 0x900025
    MARK tcp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br tcp dpt:60572 MARK set 0x900025
    MARK udp -- 10.26.13.2 179-113-240-29.user.vivozap.com.br udp dpt:60572 MARK set 0x900025
    MARK tcp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net tcp dpt:57257 MARK set 0x900025
    MARK udp -- 10.26.13.2 c-73-87-169-55.hsd1.md.comcast.net udp dpt:57257 MARK set 0x900025
    firewall: Running /etc/clearos/firewall.d/10-ntp
    firewall: Running /etc/clearos/firewall.d/90-attack-detector
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, June 10 2017, 11:15 PM - #Permalink
    Resolved
    0 votes
    Another thing to check is the syswatch log which registers the activity for multi-WAN
    The reply is currently minimized Show
  • Accepted Answer

    Friday, June 09 2017, 04:47 PM - #Permalink
    Resolved
    0 votes
    Can you try starting the firewall with a "firewall-start -d" and paste the output (between code tags)?
    The reply is currently minimized Show
Your Reply