ext. DSL-Modem über VLAN ansteuern

gm · Beitrag von gm » 08 Sep 2007, 13:26

Hallo,

habe zu einem LANCOM 1724 folgende Frage:

Am Anschluss LAN-1 hängt das interne Netzwerk dran.
Am Anschluss LAN-2 hängt das DMZ Netzwerk dran.

Gibt es eine Möglichkeit ein DSL-Modem (Speedport 200) per VLAN z.B. über LAN-2 zu verwenden? Es sieht irgendwie so aus, als ob ich bei einem 1724 für ein externes DSL-Modem einen von zwei LAN-Anschlüssen opfern müßte.

Hintergrund ist der, dass das eingebaute DSL-Modem im LANCOM absolut nicht zuverlässig funktioniert.

Gruß
gm

gm · Beitrag von gm » 08 Sep 2007, 14:41

Hallo,

so nun habe ich das VLAN-Modul aktiviert und lasse die DMZ und das LAN über die selbe Netzwerkschnittstelle (LAN-1) laufen und das Speedport 200 DSL-Modem läuft über den LAN-2 Anschluss (als DSL-Interface konfiguriert). Dummerweise treten jetzt alle paar Minuten OS_PANIC's auf. Hat vielleicht jemand einen Tip? Ich vermute mal das liegt am VLAN.

Anbei die OS_PANIC:

Code: Alles auswählen

login as: root
root@lancom1724.grosskonreuth.de's password:


#
| LANCOM 1724 VoIP (Annex B)
| Ver. 7.22.0016 / 03.09.2007 / 6.26/e74.02.41
| SN.  053690600037
| Copyright (c) LANCOM Systems

lancom1724, Verbindung Nr.: 002 (LAN)


root@lancom1724:/
> show bootlog
Boot log (8192 Bytes):
00 | ........ ........
largest available memory block: 15896864 bytes


DEVICE:           LANCOM 1724 VoIP (Annex B)
HW-RELEASE:       A
VERSION:          7.22.0015 / 30.08.2007 / 6.26/e74.02.41

****

08.09.2007 14:34:03  System boot after os_panic

DEVICE:           LANCOM 1724 VoIP (Annex B)
HW-RELEASE:       A
VERSION:          7.22.0015 / 30.08.2007 / 6.26/e74.02.41

****

mem_hdrchk_print(xIosMemFre): MCB @0x010c43a0 destroyed (ptr->Owner is FREE)
  previous MCB @0x010c4360 has owner @0x00824ad4 (job VH, file bn_lib.c, line 295)
  -> see following os_panic

****

08.09.2007 14:34:15  os_panic
Task name = TI

Type=mem_hdrchk_panic(xIosMemFre): MCB destroyed (ptr->Owner is FREE)
Code=0x010c43a0 Task=0x008b239c Nest=0x00000000
MMUSTS  = 0x00000000  CPSR      = 0x00000000  SPSR    = 0x00000000
FLTADDR = 0x00000000  D-FLTADDR = 0x00000000  MMUBASE = 0x00000000
 R00 = 0x00757320  R01 = 0x010c43a0  R02 = 0x005414c4  R03 = 0x000034b9
 R04 = 0x00757014  R05 = 0x010c43a0  R06 = 0x004decd8  R07 = 0x010c4260
 R08 = 0x004deb88  R09 = 0x008a6c8c  R10 = 0x005414c4  R11 = 0x0053b828
 R12 = 0x00115c81  R13 = 0x008b60c8  R14 = 0x002db58c
 possible error location stateins.c : 13497

Memory dump (256 bytes):
Adr:= 010c43a0
Len:= 00000100
010C43A0:  01 0C 44 A0 01 0C 43 60  00 00 00 08 00 87 FC C5 | ..D...C` ........
010C43B0:  B6 C8 DB EF 00 54 14 C4  00 00 09 DC 54 49 00 FC | .....T.. ....TI..
010C43C0:  01 0C C5 80 FF 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
010C43D0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
010C43E0:  00 00 00 01 FF 0C 43 E4  01 0C 43 E4 00 00 00 01 | ......C. ..C.....
010C43F0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
010C4400:  00 00 00 00 FF 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
010C4410:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
010C4420:  C9 1A 02 1B C6 99 4D 6E  2D F7 73 21 CF 99 D3 0C | ......Mn -.s!....
010C4430:  D3 1A 86 4A 51 8E B4 E8  7D 5A 06 8A 85 04 78 60 | ...JQ... }Z....x`
010C4440:  00 00 C8 2B 60 03 1F 41  2A 44 5F 7B FF B6 D5 F5 | ...+`..A *D_{....
010C4450:  06 18 2B 3F 54 6A 81 99  B2 CC E7 03 20 3E 5D 7D | ..+?Tj.. .... >]}
010C4460:  8E A0 B3 C7 DC F2 09 21  3A 54 6F 8B A8 C6 E5 05 | .......! :To.....
010C4470:  16 28 3B 4F 64 7A 91 A9  C2 DC F7 13 30 4E 6D 8D | .(;Odz.. ....0Nm.
010C4480:  9E B0 C3 D7 01 0C 43 80  FF 00 00 0A 00 82 4A D4 | ......C. ......J.
010C4490:  46 58 6B 7F 00 4A E4 90  00 00 01 48 56 48 00 38 | FXk..J.. ...HVH.8

Stack dump (256 bytes):
Adr:= 008b60c8
Len:= 00000100
008B60C8:  00 4D EB 88 01 0C 43 60  00 82 4A D4 01 0C 43 A0 | .M....C` ..J...C.
008B60D8:  00 54 14 C4 00 00 34 B9  00 4D EC D8 00 00 34 B9 | .T....4. .M....4.
008B60E8:  00 00 00 00 00 75 74 40  00 2D B8 E4 00 00 34 B9 | .....ut@ .-....4.
008B60F8:  01 0C 43 A0 00 8B 61 34  00 54 14 C4 00 00 34 B9 | ..C...a4 .T....4.
008B6108:  00 2D BB B8 00 00 00 00  00 54 14 C4 00 7D 8D 30 | .-...... .T...}.0
008B6118:  00 00 00 A0 01 0C 43 C0  00 8B 61 34 00 4D E9 48 | ......C. ..a4.M.H
008B6128:  00 54 14 C4 00 00 34 B9  00 2D C2 A0 00 75 74 40 | .T....4. .-...ut@
008B6138:  00 4D E9 48 00 00 0E 31  00 00 00 00 00 00 00 84 | .M.H...1 ........
008B6148:  00 F8 03 A0 00 8B 62 88  00 8B 62 88 00 F8 03 A0 | ......b. ..b.....
008B6158:  00 3E 74 41 00 3D 7F 01  00 00 00 02 00 00 00 00 | .>tA.=.. ........
008B6168:  00 00 00 01 00 12 7F BD  00 7D 92 B8 00 54 14 C4 | ........ .}...T..
008B6178:  00 7D 92 98 00 00 00 00  00 00 00 00 00 00 00 00 | .}...... ........
008B6188:  00 00 00 10 00 48 D2 D0  00 F8 03 A0 00 DB 3E 90 | .....H.. ......>.
008B6198:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
008B61A8:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
008B61B8:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
largest available memory block: 15935392 bytes


DEVICE:           LANCOM 1724 VoIP (Annex B)
HW-RELEASE:       A
VERSION:          7.22.0015 / 30.08.2007 / 6.26/e74.02.41

****

08.09.2007 14:34:20  System boot after os_panic

DEVICE:           LANCOM 1724 VoIP (Annex B)
HW-RELEASE:       A
VERSION:          7.22.0015 / 30.08.2007 / 6.26/e74.02.41

****

mem_hdrchk_print(xIosMemFre): MCB @0x010c7840 destroyed (ptr->Owner is FREE)
  previous MCB @0x010c7800 has owner @0x010c7880 (FREE)
  -> see following os_panic

****

08.09.2007 14:34:26  os_panic
Task name = TI

Type=mem_hdrchk_panic(xIosMemFre): MCB destroyed (ptr->Owner is FREE)
Code=0x010c7840 Task=0x008b239c Nest=0x00000000
MMUSTS  = 0x00000000  CPSR      = 0x00000000  SPSR    = 0x00000000
FLTADDR = 0x00000000  D-FLTADDR = 0x00000000  MMUBASE = 0x00000000
 R00 = 0x00757320  R01 = 0x010c7840  R02 = 0x005414c4  R03 = 0x000034b9
 R04 = 0x00757014  R05 = 0x010c7840  R06 = 0x004decd8  R07 = 0x010c77c0
 R08 = 0x004deb88  R09 = 0x008a6c8c  R10 = 0x005414c4  R11 = 0x0053b828
 R12 = 0x00115c81  R13 = 0x008b60c8  R14 = 0x002db58c
 possible error location stateins.c : 13497

Memory dump (256 bytes):
Adr:= 010c7840
Len:= 00000100
010C7840:  01 0C 78 80 01 0C 78 00  00 00 00 02 00 87 FB ED | ..x...x. ........
010C7850:  90 A2 B5 C9 00 54 14 C4  00 00 09 DC 54 49 00 3C | .....T.. ....TI.<
010C7860:  01 0C 78 80 FF 0C 77 60  FF 00 00 03 00 82 4A D4 | ..x...w` ......J.
010C7870:  00 00 00 00 00 4D 12 8C  00 00 01 B3 56 48 00 28 | .....M.. ....VH.(
010C7880:  01 0C 78 C0 01 0C 78 40  00 00 00 02 01 0C 78 41 | ..x...x@ ......xA
010C7890:  01 0C 72 E0 00 54 14 C4  00 00 09 ED 54 49 00 3C | ..r..T.. ....TI.<
010C78A0:  01 0C 78 00 FF 00 00 01  00 00 00 48 01 0C 72 40 | ..x..... ...H..r@
010C78B0:  01 0C 73 00 01 0C 73 C0  01 0C 74 00 00 00 00 00 | ..s...s. ..t.....
010C78C0:  00 44 96 00 01 0C 78 80  00 07 9C 38 01 FF FF C1 | .D....x. ...8....
010C78D0:  00 20 D7 5D 00 20 D7 19  FF 00 01 48 56 48 00 38 | . .]. .. ...HVH.8
010C78E0:  01 FF FF C0 01 0C 78 80  00 00 00 08 00 82 4A D4 | ......x. ......J.
010C78F0:  83 70 C3 58 00 4A E4 90  00 00 01 48 56 48 00 38 | .p.X.J.. ...HVH.8
010C7900:  56 24 7D E6 CA 30 FF B1  44 6E B7 B0 06 62 22 B2 | V$}..0.. Dn...b".
010C7910:  35 6F 2D 8D 02 73 10 14  2A FD BB 64 7B A8 32 57 | 5o-..s.. *..d{.2W
010C7920:  5F 82 D8 37 61 60 DB 8D  BF D8 91 1E 30 C6 3A FB | _..7a`.. ....0.:.
010C7930:  2D 8A 3E 1C C8 26 2C F9  0A 14 37 F0 32 C5 17 4C | -.>..&,. ..7.2..L

Stack dump (256 bytes):
Adr:= 008b60c8
Len:= 00000100
008B60C8:  00 4D EB 88 01 0C 78 00  01 0C 78 80 01 0C 78 40 | .M....x. ..x...x@
008B60D8:  00 54 14 C4 00 00 34 B9  00 4D EC D8 00 00 34 B9 | .T....4. .M....4.
008B60E8:  00 00 00 00 00 75 74 40  00 2D B8 E4 00 00 34 B9 | .....ut@ .-....4.
008B60F8:  01 0C 78 40 00 8B 61 34  00 54 14 C4 00 00 34 B9 | ..x@..a4 .T....4.
008B6108:  00 2D BB B8 00 00 00 00  00 54 14 C4 00 7D 8D 30 | .-...... .T...}.0
008B6118:  00 00 00 A0 01 0C 78 60  00 8B 61 34 00 4D E9 48 | ......x` ..a4.M.H
008B6128:  00 54 14 C4 00 00 34 B9  00 2D C2 A0 00 75 74 40 | .T....4. .-...ut@
008B6138:  00 4D E9 48 00 00 0E 31  00 00 00 00 00 00 00 84 | .M.H...1 ........
008B6148:  00 F7 CB 60 00 8B 62 88  00 8B 62 88 00 F7 CB 60 | ...`..b. ..b....`
008B6158:  00 3E 74 41 00 3D 7F 01  00 00 00 02 00 00 00 00 | .>tA.=.. ........
008B6168:  00 00 00 01 00 12 7F BD  00 7D 92 B8 00 54 14 C4 | ........ .}...T..
008B6178:  00 7D 92 98 00 00 00 00  00 00 00 00 00 00 00 00 | .}...... ........
008B6188:  00 00 00 10 00 48 D2 D0  00 F7 CB 60 00 D8 E4 50 | .....H.. ...`...P
008B6198:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
008B61A8:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
008B61B8:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 | ........ ........
largest available memory block: 15959808 bytes


DEVICE:           LANCOM 1724 VoIP (Annex B)
HW-RELEASE:       A
VERSION:          7.22.0015 / 30.08.2007 / 6.26/e74.02.41

****

08.09.2007 14:34:32  System boot after os_panic

DEVICE:           LANCOM 1724 VoIP (Annex B)
HW-RELEASE:       A
VERSION:          7.22.0016 / 03.09.2007 / 6.26/e74.02.41

Gruß
gm

backslash · Beitrag von **backslash** » 10 Sep 2007, 18:06

Hi gm,

hast du irgendwelche besonderen Firewallregeln, bei denen entweder das Häkchen bei "weitere Regeln beachten" gesetzt ist, oder die eine Bedingung wie "nur über Defaultroute" enthalten?

wie sind die Netze definiert (/Setup/TCP/Networks)?
was sagt ein "show filter"

Gruß
Backslash

gm · Beitrag von gm » 10 Sep 2007, 22:43

Hi backslash,

ja, bei den QoS-Regeln habe ich z.B. das Häkchen "weitere Regel beachten" drin. Könnte zwar dort auch schon gleich übertragen sagen, aber irgendwie war es mir sympatischer nur jeweils eine Accept-Regel zu haben. Die Sache mit "nur über Defaultroute" habe ich auch drin... Ist das etwas besonderes?

Anbei die Ausgaben von "show filter":

Code: Alles auswählen

> show filter

Filter 0001 from Rule WINS:
  Protocol: 17
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 137-139
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  use routing tag 0000
  conditional: if on default route
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      reject

Filter 0002 from Rule WINS:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 137-139
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  use routing tag 0000
  conditional: if on default route
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      reject

Filter 0003 from Rule QOS_OUT_PRIO_DNS:
  Protocol: 17
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 53-53
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 16 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0004 from Rule QOS_OUT_PRIO_ICMP:
  Protocol: 1
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 8 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0005 from Rule QOS_OUT_PRIO_CSTRIKE:
  Protocol: 17
  Src: 00:00:00:00:00:00 192.168.3.11 255.255.255.255 27015-27015
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 256 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0006 from Rule QOS_OUT_PRIO_WWW:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 8080-8080
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 64 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0007 from Rule QOS_OUT_PRIO_WWW:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 8008-8008
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 64 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0008 from Rule QOS_OUT_PRIO_WWW:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 591-591
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 64 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0009 from Rule QOS_OUT_PRIO_WWW:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 443-443
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 64 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 000a from Rule QOS_OUT_PRIO_WWW:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 80-80
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 64 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 000b from Rule QOS_OUT_PRIO_EMAIL:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 995-995
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 000c from Rule QOS_OUT_PRIO_EMAIL:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 143-143
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 000d from Rule QOS_OUT_PRIO_EMAIL:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 119-119
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 000e from Rule QOS_OUT_PRIO_EMAIL:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 110-110
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 000f from Rule QOS_OUT_PRIO_EMAIL:
  Protocol: 6
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 25-25
  use routing tag 0000
  combine actions with next matching filter
  ---
  conditional: if on default route
  Limit globally:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0010 from Rule QOS_OUT_PRIO_IPSEC:
  Protocol: 108
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 4500-4500
  use routing tag 0000
  combine actions with next matching filter
  conditional: if on default route
  Limit per conn.:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0011 from Rule QOS_OUT_PRIO_IPSEC:
  Protocol: 108
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 500-500
  use routing tag 0000
  combine actions with next matching filter
  conditional: if on default route
  Limit per conn.:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0012 from Rule QOS_OUT_PRIO_IPSEC:
  Protocol: 51
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 4500-4500
  use routing tag 0000
  combine actions with next matching filter
  conditional: if on default route
  Limit per conn.:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0013 from Rule QOS_OUT_PRIO_IPSEC:
  Protocol: 51
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 500-500
  use routing tag 0000
  combine actions with next matching filter
  conditional: if on default route
  Limit per conn.:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0014 from Rule QOS_OUT_PRIO_IPSEC:
  Protocol: 50
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 4500-4500
  use routing tag 0000
  combine actions with next matching filter
  conditional: if on default route
  Limit per conn.:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0015 from Rule QOS_OUT_PRIO_IPSEC:
  Protocol: 50
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 500-500
  use routing tag 0000
  combine actions with next matching filter
  conditional: if on default route
  Limit per conn.:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0016 from Rule QOS_OUT_PRIO_IPSEC:
  Protocol: 17
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 4500-4500
  use routing tag 0000
  combine actions with next matching filter
  conditional: if on default route
  Limit per conn.:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0017 from Rule QOS_OUT_PRIO_IPSEC:
  Protocol: 17
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 500-500
  use routing tag 0000
  combine actions with next matching filter
  conditional: if on default route
  Limit per conn.:  guarantee a minimum for transmitting of 32 kilobits per second on a WAN interface
  actions after exceeding the minimum:
      accept

Filter 0018 from Rule FW_ALLOW_192_168_4_0_OUT:
  Protocol: 0
  Src: 00:00:00:00:00:00 192.168.4.0 255.255.255.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  use routing tag 0000
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 0019 from Rule FW_ALLOW_192_168_3_0_EINWAHL:
  Protocol: 0
  Src: 00:00:00:00:00:00 192.168.3.0 255.255.255.0 0-0
  Dst: 00:00:00:00:00:00 192.168.3.1 255.255.255.255 0-0
  use routing tag 0000
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 001a from Rule FW_ALLOW_192_168_3_0_OUT:
  Protocol: 0
  Src: 00:00:00:00:00:00 192.168.3.0 255.255.255.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  use routing tag 0000
  conditional: if on default route
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 001b from Rule FW_ALLOW_192_168_1_0_OUT:
  Protocol: 0
  Src: 00:00:00:00:00:00 192.168.1.0 255.255.255.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  use routing tag 0000
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 001c from Rule FW_ALLOW_192_168_3_0_IN:
  Protocol: 0
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 192.168.3.20 255.255.255.255 0-0
  use routing tag 0000
  conditional: if on default route
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 001d from Rule FW_ALLOW_192_168_3_0_IN:
  Protocol: 0
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 192.168.3.1 255.255.255.255 0-0
  use routing tag 0000
  conditional: if on default route
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 001e from Rule FW_ALLOW_192_168_1_40_IN:
  Protocol: 0
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 192.168.1.40 255.255.255.255 0-0
  use routing tag 0000
  conditional: if on default route
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 001f from Rule FW_ALLOW_192_168_3_0_IN:
  Protocol: 0
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 192.168.3.2 255.255.255.254 0-0
  use routing tag 0000
  conditional: if on default route
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 0020 from Rule FW_ALLOW_192_168_3_0_IN:
  Protocol: 0
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 192.168.3.16 255.255.255.252 0-0
  use routing tag 0000
  conditional: if on default route
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 0021 from Rule FW_ALLOW_192_168_3_0_IN:
  Protocol: 0
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 192.168.3.4 255.255.255.252 0-0
  use routing tag 0000
  conditional: if on default route
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 0022 from Rule FW_ALLOW_192_168_3_0_IN:
  Protocol: 0
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 192.168.3.8 255.255.255.248 0-0
  use routing tag 0000
  conditional: if on default route
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 0023 from Rule FW_ALLOW_192_168_3_0_IN_DNS:
  Protocol: 17
  Src: 00:00:00:00:00:00 192.168.3.0 255.255.255.0 0-0
  Dst: 00:00:00:00:00:00 192.168.3.2 255.255.255.255 53-53
  use routing tag 0000
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      accept

Filter 0024 from Rule FW_DENY_ALL:
  Protocol: 0
  Src: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  Dst: 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0-0
  use routing tag 0000
  Limit per conn.:  after transmitting or receiving of 0 kilobits per second
  actions after exceeding the limit:
      drop
      send SNMP trap

registered applications

application: SIP, handle: 00000001
  Limit per conn.:  after transmitting or receiving of 0 packets
  actions after exceeding the limit:
      accept

Gruß
gm

backslash · Beitrag von **backslash** » 12 Sep 2007, 19:23

Hi gm,

hier mußten gleich der Dinge gleichzeitig passieren, damit der Fehler auftrat:

1) verkette Regel
2) nicht greifende Bedingung in der ersten der verketteten Regeln
3) "lokales Routing" (d.h. ein Paket aus dem LAN wird an ein weiteres Gateway im LAN geroutet)

der Fehler wird in der nächsten Build behoben sein...

Gruß
Backslash