Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[RGData]

I have a web server in the DMZ running an SSL site with a Java applet, we have people logging in to the site and using the applet to enter information which is transfered to a sql database. At random times I get a "no_new_conn_for_this_packet" (error 600012) from the person using the applets public IP to my public IP, followed straight away by "ruleset_drop_packet" (error 6000051) from the web servers IP to the dfl's DMZ IP even though I have a NAT rule to allow this connection.

The result of this is a error connecting to database shown to the people using the applet. Is there a way to stop this happening?

[danilovav]

If you didn't changed WebUI HTTPS port previously, do it now.

[RGData]

I have now changed the port, would that be the cause of this problem?

[RGData]

Still got the problem 

[danilovav]

Please show full log message

[RGData]

Warning   RULE             Default_Rule        TCP   DMZ    172.17.100.252   443         ruleset_drop_packet
              6000051                                                  172.17.100.254   43642      drop
----------------------------------------------------------------------------------------------------
Warning  CONN             LogOpenFails        TCP  wan1   (client Public IP)  29899      no_new_conn_for_this
             600012                                                     (My Public IP)     443         reject
----------------------------------------------------------------------------------------------------

My web server IP is the 172.17.100.252 and the .254 is the DFL DMZ gateway IP.

[chechito]

when you activate full connection logging you can track this kind of problems more accurately:

Advanced Settings
State Settings

Remember activate logging on the rules you want to track.

Its advisable have a syslog server to store the logs and then open it with excel to filter relevant events.