reply to kruser
Re: Cannot reach http:// sites, but https:// sites are ok
Turns out the problem is back. I also was able to verify that the allow http outbound was indeed checked. I also went to the GUI instead of the MDC and from there I was able to check/uncheck everything I wanted to. So while I figured that out, I'm back to ground zero on check box thing.
I also noticed that this time the issue came and went on its own with only a few minutes or so in between. Meaning, one moment it was working then 5-10 mins later or so it wasn't, etc. And I have no idea what's causing it. I'm doing full virus scans, etc. but still running.
The only thing that I've seen of interest is in the detailed firewall info, whereby I see this over and over:
sess: bkt 21, flags: 0x000001a1, proto: 17, cnt: 2
l: 192.168.1.6:54456, f: 188.8.131.52:53, n: xxx.xxx.xxx.xxx:nnnnn
lnd: (51,0), fnd: (44,0)
last used 4616, max_idle: 360
Where nnnnn is a different port each listing. And there are about 850/1024 session table entries available. Seems a bit high, but not sure. Is there a place to change the session timeout?
Any ideas are appreciated.
Not using the firewall feature, I really don't have any for sure ideas. I can only offer suggestions from this point.
The one example you posted appears to be an inbound DNS request or ACK originating on port 53.
I know a Microsoft security patch many months ago changed the way DNS requests are sent and they can now use a very wide range of ports. I think you will still see a lot of port 53 traffic in your logs though. That should be the DNS server responding to your requests. So those logs may be fine.
Maybe you could post a link to this thread and some of your logs in the 2wire forum.
I know there are some users there that know a lot more about interpreting the 2wire logs.
Most below this line is just suggestions that may help you or others determine the cause.
How many computers do you have that connect via the 2wire?
And is wireless on? Disable that in the GUI if not needed in case someone has hijacked that connection.
Check external wireless routers or access points also and maybe disable them if you can run without them for however long it takes for this problem to occur.
I don't know what the 2wire does when it sees excessive traffic.
I use a Zyxel product for my firewall and it can lock certain traffic out for an amount of time if it sees excessive traffic. I would guess the 2wire can do the same.
Have you tried playing with the check boxes under the advanced tab in the GUI for the firewall? The ones in the Attack Detection box under that tab. While that may get things working, I'd be careful as unchecking some of them may be letting things out/in that should not be allowed. The 2wire may really be blocking something that it should be if unchecking some of those boxes seems to get things working again! So be careful with that.
If more than one computer, try and watch the logs for one with a higher amount of activity and kill it for a while and see if HTTP traffic is restored after a few minutes.
Also, if more than one computer, does this problem occur on all computers when it happens?
What model is your 2wire?
If you only have the one computer, I'd be tempted to swap the 2wire for your other modem and let it run for a day or two and see if the problem recurs.
What model is your spare modem?
Just make sure you have any security apps up and running as you may only have NAT protection depending on what model your spare modem is.
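An added example, not part of either post and not 2wire tooling: a Python tally of session-table entries in the four-line layout quoted in the first post, grouped by LAN host and by remote service, which is one way to act on the suggestion above to look for the computer with the most activity. Reading `l:` as the LAN endpoint and `f:` as the remote endpoint is an assumption, and the sample entries are constructed.

```python
import re
from collections import Counter

SESS_RE = re.compile(r"sess:.*?proto:\s*(\d+)")
# Only l: and f: are parsed; the poster redacted the n: field.
ADDR_RE = re.compile(r"l:\s*([\d.]+):(\d+),\s*f:\s*([\d.]+):(\d+)")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

def make_entry(bkt, proto, local, remote):
    """Build one constructed entry in the four-line layout quoted in the thread."""
    return (f"sess: bkt {bkt}, flags: 0x000001a1, proto: {proto}, cnt: 2\n"
            f"l: {local}, f: {remote}, n: 203.0.113.7:{40000 + bkt}\n"
            "lnd: (51,0), fnd: (44,0)\n"
            "last used 4616, max_idle: 360\n")

# Constructed sample data (documentation address ranges), not the poster's log.
SAMPLE = "".join(make_entry(*e) for e in [
    (21, 17, "192.168.1.6:54456", "192.0.2.53:53"),
    (22, 17, "192.168.1.6:54457", "192.0.2.53:53"),
    (23, 17, "192.168.1.6:54458", "192.0.2.53:53"),
    (24, 6, "192.168.1.6:49200", "198.51.100.10:443"),
    (25, 6, "192.168.1.9:49300", "198.51.100.20:80"),
])

def parse_sessions(text):
    """Return one dict per entry: protocol name, LAN host, remote port.
    Assumes l: is the LAN endpoint and f: the remote endpoint."""
    sessions, proto = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SESS_RE.match(line)
        if m:
            proto = int(m.group(1))
            continue
        m = ADDR_RE.match(line)
        if m and proto is not None:
            sessions.append({"proto": PROTO_NAMES.get(proto, str(proto)),
                             "local": m.group(1),
                             "remote_port": int(m.group(4))})
            proto = None  # wait for the next sess: header
    return sessions

def summarize(sessions):
    """Count sessions per LAN host and per (protocol, remote port)."""
    by_host = Counter(s["local"] for s in sessions)
    by_service = Counter((s["proto"], s["remote_port"]) for s in sessions)
    return by_host, by_service

if __name__ == "__main__":
    hosts, services = summarize(parse_sessions(SAMPLE))
    print("busiest hosts:", hosts.most_common(3))
    print("busiest services:", services.most_common(3))
```

A table dominated by UDP sessions to remote port 53 from one host points at that host's DNS lookups as the source of the entries.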
Thanks for the additional ideas. I'm working on a few things following the dreaded factory reset. I did request the mods to move this to 2wire; if that doesn't happen I'll probably start one over there.