I just got my UTM Home 9.1 box up and running last night and am still working on settings and getting to know the interface better. As you can tell, I'm new to this and am already finding issues that I need to make sure are not issues in the future.
I'm trying to learn how to watch the traffic monitors and logs to see what is needed to open the necessary ports, add an application, mess with NAT, whatever needs to be done for certain applications. In this case, I'm working on Twitch.TV and being able to load the live streams they broadcast as well as prep for broadcasting my own stream later tonight when I play against friends.
As it sits now, I cannot watch the live streams on Twitch
The video fails to load, and I'm given an error indicating I must call support. If I use the public network I've setup that allows any outbound connections, I can get there just fine. It's the private network that will not allow me to access the site.
I do see the following in my logs:
12:16:12 Default DROP TCP
192.168.50.75 : 64187
→
199.9.253.199 : 843
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:12 Default DROP TCP
192.168.50.75 : 64190
→
199.9.249.46 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:12 Default DROP TCP
192.168.50.75 : 64194
→
199.9.249.46 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:12 Default DROP TCP
192.168.50.75 : 64197
→
199.9.248.102 : 843
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:14 Default DROP TCP
192.168.50.75 : 64200
→
199.9.254.168 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:16 Default DROP TCP
192.168.50.75 : 64187
→
199.9.253.199 : 843
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:16 Default DROP TCP
192.168.50.75 : 64190
→
199.9.249.46 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:16 Default DROP TCP
192.168.50.75 : 64194
→
199.9.249.46 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:16 Default DROP TCP
192.168.50.75 : 64197
→
199.9.248.102 : 843
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:17 Default DROP TCP
192.168.50.75 : 64200
→
199.9.254.168 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:22 Default DROP TCP
192.168.50.75 : 64190
→
199.9.249.46 : 1935
[SYN] len=48 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:22 Default DROP TCP
192.168.50.75 : 64194
→
199.9.249.46 : 1935
[SYN] len=48 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
Do I need to just create a custom rule for ports 1935 and 843?
Am I going to have to do this for every web application that I use?
I've already had to create an any rule for my playstations and xbox to work, and I'm beginning to wonder if making swiss cheese of my firewall is going to be the future of this thing. I'd prefer not to, if possible. Is there a way to create an application control for this? Would I want to?
I already plan on having to mess with my software later tonight in order to stream to twitch from my PCs so having to work on it a little more shouldn't be an issue. I just want to make sure I'm doing it the most efficient way possible.
I'm trying to learn how to watch the traffic monitors and logs to see what is needed to open the necessary ports, add an application, mess with NAT, whatever needs to be done for certain applications. In this case, I'm working on Twitch.TV and being able to load the live streams they broadcast as well as prep for broadcasting my own stream later tonight when I play against friends.
As it sits now, I cannot watch the live streams on Twitch
The video fails to load, and I'm given an error indicating I must call support. If I use the public network I've setup that allows any outbound connections, I can get there just fine. It's the private network that will not allow me to access the site.
I do see the following in my logs:
12:16:12 Default DROP TCP
192.168.50.75 : 64187
→
199.9.253.199 : 843
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:12 Default DROP TCP
192.168.50.75 : 64190
→
199.9.249.46 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:12 Default DROP TCP
192.168.50.75 : 64194
→
199.9.249.46 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:12 Default DROP TCP
192.168.50.75 : 64197
→
199.9.248.102 : 843
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:14 Default DROP TCP
192.168.50.75 : 64200
→
199.9.254.168 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:16 Default DROP TCP
192.168.50.75 : 64187
→
199.9.253.199 : 843
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:16 Default DROP TCP
192.168.50.75 : 64190
→
199.9.249.46 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:16 Default DROP TCP
192.168.50.75 : 64194
→
199.9.249.46 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:16 Default DROP TCP
192.168.50.75 : 64197
→
199.9.248.102 : 843
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:17 Default DROP TCP
192.168.50.75 : 64200
→
199.9.254.168 : 1935
[SYN] len=52 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:22 Default DROP TCP
192.168.50.75 : 64190
→
199.9.249.46 : 1935
[SYN] len=48 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
12:16:22 Default DROP TCP
192.168.50.75 : 64194
→
199.9.249.46 : 1935
[SYN] len=48 ttl=127 tos=0x00 srcmac=0:25:22:f7:d9:7b dstmac=0:2:b3:bc:96:1d
Do I need to just create a custom rule for ports 1935 and 843?
Am I going to have to do this for every web application that I use?
I've already had to create an any rule for my playstations and xbox to work, and I'm beginning to wonder if making swiss cheese of my firewall is going to be the future of this thing. I'd prefer not to, if possible. Is there a way to create an application control for this? Would I want to?
I already plan on having to mess with my software later tonight in order to stream to twitch from my PCs so having to work on it a little more shouldn't be an issue. I just want to make sure I'm doing it the most efficient way possible.