OSX firewall blocking web access intermittently

Discussion in 'macOS' started by rcha101, Jan 6, 2007.

  1. rcha101 macrumors member

    Joined:
    Feb 28, 2006
    #1
    Hi,

    I have an interesting problem which I've been looking at.

    When I have the firewall turned on with all default settings I find I cannot access some websites. I am able to resolve the domain name however the websites do not load. All other internet apps seem to work fine and some websites load fine even ones I haven't been to before i.e. not cached.

    I do not have the same problem when I access the net via the ethernet adapter which is really weird.

    In the ipfw.log I see lots of these sort of messages following:

    Jan 6 18:59:26 computer ipfw: 12190 Deny TCP 85.227.217.26 10.0.1.29 in via en1 (frag 44333:8@1472)
    Jan 6 18:59:27 computer ipfw: 12190 Deny TCP 85.227.217.26 10.0.1.29 in via en1 (frag 44438:8@1472)

    Is the firewall dropping these packets because they are fragmented?

    Help
     
  2. apfhex macrumors 68030

    apfhex

    Joined:
    Aug 8, 2006
    Location:
    Northern California
    #2
    You're sure it's only when the firewall is on? Because AFAIK, ipfw in its unmodified state doesn't block outgoing connections. I keep it running all the time and there's no difference in my web browsing, and I don't see how it could be affecting it. But I don't know much about the inner workings of ipfw.

    My log also gets filled up with hundreds of messages like that every day.
    (here's the last three lines in my log that appeared while I was typing this post)
    Code:
    Jan  6 12:31:55 Battlestar ipfw:  12190 Deny TCP 67.164.161.65:4093 67.164.48.186:2967 in via en0
    Jan  6 12:31:58 Battlestar ipfw:  12190 Deny TCP 67.164.161.65:4093 67.164.48.186:2967 in via en0
    Jan  6 12:32:04 Battlestar ipfw:  12190 Deny TCP 67.164.161.65:4093 67.164.48.186:2967 in via en0
     
  3. merc669 macrumors 6502

    merc669

    Joined:
    Jun 7, 2006
    Location:
    Southern MD, USA
    #3
    I have a question on the firewall now that this post jogs my memory. Do you actually need to run a firewall if you are behind a NAT router with SPI built into the router? And if you do, can it actually slow or deny you getting through to the Internet? Anyway, excuse the slight deviation from the topic.

    Bill....
     
  4. rcha101 thread starter macrumors member

    Joined:
    Feb 28, 2006
    #4
    A valid point. I have a reflexive access list on the router which controls access into my network. I also want the firewall running on my machine in case I get unwelcome guests on my wireless LAN.

    What I believe is happening is that some of the incoming web traffic is being fragmented and therefore dropped by the default IPFW policy on my mac. I'm going to run a sniffer tonight to see why this is as I do not want to allow fragments in.

    Cheers
     
  5. rcha101 thread starter macrumors member

    Joined:
    Feb 28, 2006
    #5
    Yes I am sure. Looks like your machine talks to the web natively? Mine does not. Also, my logs mention 'frag' which yours does not. I need to find out why the return traffic is being fragmented and resolve this so the built-in firewall does not drop it.
     
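To check whether the denied packets are the non-initial fragments discussed in posts #4 and #5 (which carry no TCP header, so port-based rules cannot match them) rather than ordinary unsolicited connections like those in post #2, here is an added Python parser for the ipfw log format quoted in this thread. It is example code, not from any poster; the sample lines are constructed from the quoted ones and the field names are my own.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the thread (not a real log).
SAMPLE_LOG = """\
Jan  6 18:59:26 computer ipfw: 12190 Deny TCP 85.227.217.26 10.0.1.29 in via en1 (frag 44333:8@1472)
Jan  6 18:59:27 computer ipfw: 12190 Deny TCP 85.227.217.26 10.0.1.29 in via en1 (frag 44438:8@1472)
Jan  6 12:31:55 Battlestar ipfw:  12190 Deny TCP 67.164.161.65:4093 67.164.48.186:2967 in via en0
Jan  6 12:31:58 Battlestar ipfw:  12190 Deny TCP 67.164.161.65:4093 67.164.48.186:2967 in via en0
"""

# Ports are optional: a non-initial fragment has no layer-4 header to log.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+ipfw:\s+"
    r"(?P<rule>\d+)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<iface>\w+)"
    r"(?:\s+\(frag\s+(?P<frag_id>\d+):(?P<frag_len>\d+)@(?P<frag_off>\d+)\))?\s*$"
)

def parse_line(line):
    """Return a dict of fields for one ipfw log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    for k in ("rule", "sport", "dport", "frag_id", "frag_len", "frag_off"):
        d[k] = int(d[k]) if d[k] is not None else None
    d["fragment"] = d["frag_id"] is not None
    # Offset > 0 means a non-initial fragment: no TCP/UDP header, so the
    # firewall cannot see ports or tie the packet to an established flow.
    d["non_initial_fragment"] = d["fragment"] and d["frag_off"] > 0
    return d

def summarize(log_text):
    """Count Deny entries by (interface, kind): fragment drops vs. port-bearing drops."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "Deny":
            continue
        if rec["non_initial_fragment"]:
            kind = "non_initial_fragment"
        else:
            kind = "fragment" if rec["fragment"] else "with_ports"
        counts[(rec["iface"], kind)] += 1
    return dict(counts)

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(key, n)
```

A high count of non_initial_fragment denies on the wireless interface alongside normal browsing, and none on Ethernet, is the pattern the thread starter describes.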
  6. apfhex macrumors 68030

    apfhex

    Joined:
    Aug 8, 2006
    Location:
    Northern California
    #6
    That would make sense as to why the firewall is mucking up your web access. I don't know much about that stuff so I can't help. You're right, I'm connected directly to my cable modem, although I have run ipfw before when I was behind a simple Linksys router.
     