D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: RGData on June 14, 2010, 04:02:10 AM
-
I have a web server in the DMZ running an SSL site with a Java applet. We have people logging in to the site and using the applet to enter information, which is transferred to a SQL database. At random times I get a "no_new_conn_for_this_packet" (error 600012) from the public IP of the person using the applet to my public IP, followed straight away by "ruleset_drop_packet" (error 6000051) from the web server's IP to the DFL's DMZ IP, even though I have a NAT rule to allow this connection.
The result of this is an error connecting to the database shown to the people using the applet. Is there a way to stop this happening?
-
If you haven't changed the WebUI HTTPS port previously, do it now.
-
I have now changed the port, would that be the cause of this problem?
-
Still got the problem :-[
-
Please show the full log message.
-
Warning RULE Default_Rule TCP DMZ 172.17.100.252 443 ruleset_drop_packet
6000051 172.17.100.254 43642 drop
----------------------------------------------------------------------------------------------------
Warning CONN LogOpenFails TCP wan1 (client Public IP) 29899 no_new_conn_for_this
600012 (My Public IP) 443 reject
----------------------------------------------------------------------------------------------------
My web server IP is 172.17.100.252 and .254 is the DFL DMZ gateway IP.
-
When you activate full connection logging, you can track this kind of problem more accurately:
Advanced Settings
State Settings
Remember to activate logging on the rules you want to track.
It's advisable to have a syslog server to store the logs and then open them with Excel to filter relevant events.
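-
As an alternative to filtering by hand in a spreadsheet, the stored syslog can be searched for the pattern described in this thread: a "no_new_conn_for_this_packet" reject followed straight away by a "ruleset_drop_packet". This is an added example, not part of the original thread or D-Link's tooling. The key=value line layout, the field names, the timestamps and the public IPs are constructed assumptions; adjust the parser to whatever your syslog server actually stores.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines. The layout and field names are assumptions;
# the rule names, private IPs and ports are the ones posted in the thread.
SAMPLE_LOG = """\
2010-06-14 10:15:42 CONN event=no_new_conn_for_this_packet rule=LogOpenFails srcip=198.51.100.7 srcport=29899 destip=203.0.113.10 destport=443
2010-06-14 10:15:42 RULE event=ruleset_drop_packet rule=Default_Rule srcip=172.17.100.252 srcport=443 destip=172.17.100.254 destport=43642
2010-06-14 10:31:09 RULE event=ruleset_drop_packet rule=Default_Rule srcip=172.17.100.252 srcport=443 destip=172.17.100.254 destport=51200
2010-06-14 10:40:00 CONN event=no_new_conn_for_this_packet rule=LogOpenFails srcip=198.51.100.7 srcport=30110 destip=203.0.113.10 destport=443
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\w+) (.*)$")
WINDOW = timedelta(seconds=2)  # "followed straight away" in the thread


def parse(line):
    """Turn one log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    rec["time"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    rec["category"] = m.group(2)
    return rec


def correlate(text, window=WINDOW):
    """Pair each WAN-side reject with ruleset drops seen within `window` after it."""
    records = [r for r in map(parse, text.splitlines()) if r]
    rejects = [r for r in records if r.get("event") == "no_new_conn_for_this_packet"]
    drops = [r for r in records if r.get("event") == "ruleset_drop_packet"]
    pairs = []
    for rej in rejects:
        for drop in drops:
            if timedelta(0) <= drop["time"] - rej["time"] <= window:
                pairs.append((rej, drop))
    return pairs


if __name__ == "__main__":
    for rej, drop in correlate(SAMPLE_LOG):
        print(rej["time"], "client", rej["srcip"] + ":" + rej["srcport"],
              "-> drop", drop["srcip"] + ":" + drop["srcport"],
              "to", drop["destip"] + ":" + drop["destport"])
```

Rejects and drops that appear without a partner inside the window are left out, so the output lists only the occurrences that match the symptom reported above.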