
rcha101 (macrumors member, original poster, Feb 28, 2006)
Hi,

I have an interesting problem which I've been looking at.

When I have the firewall turned on with all default settings I find I cannot access some websites. I am able to resolve the domain name, however the websites do not load. All other internet apps seem to work fine and some websites load fine, even ones I haven't been to before (i.e. not cached).

I do not have the same problem when I access the net via the ethernet adapter which is really weird.

In the ipfw.log I see lots of messages like the following:

Code:
Jan 6 18:59:26 computer ipfw: 12190 Deny TCP 85.227.217.26 10.0.1.29 in via en1 (frag 44333:8@1472)
Jan 6 18:59:27 computer ipfw: 12190 Deny TCP 85.227.217.26 10.0.1.29 in via en1 (frag 44438:8@1472)

Is the firewall dropping these packets because they are fragmented?

Help
 
You're sure it's only when the firewall is on? Because AFAIK, ipfw in its unmodified state doesn't block outgoing connections. I keep it running all the time and there's no difference in my web browsing, and I don't see how it could be affecting it. But I don't know much about the inner workings of ipfw.

My log also gets filled up with hundreds of messages like that every day.
(here's the last three lines in my log that appeared while I was typing this post)
Code:
Jan  6 12:31:55 Battlestar ipfw:  12190 Deny TCP 67.164.161.65:4093 67.164.48.186:2967 in via en0
Jan  6 12:31:58 Battlestar ipfw:  12190 Deny TCP 67.164.161.65:4093 67.164.48.186:2967 in via en0
Jan  6 12:32:04 Battlestar ipfw:  12190 Deny TCP 67.164.161.65:4093 67.164.48.186:2967 in via en0
 
I have a question on the firewall now that this post jogs my memory. Do you actually need to run a firewall if you are behind a NAT router with SPI built into the router? And if you do, can it actually slow or deny you getting through to the Internet? Anyways, excuse the slight deviation from the topic.

Bill....
 

A valid point. I have a reflexive access list on the router which controls access into my network. I also want the firewall running on my machine in case I get unwelcome guests on my wireless LAN.

What I believe is happening is that some of the incoming web traffic is being fragmented and therefore dropped by the default IPFW policy on my Mac. I'm going to run a sniffer tonight to see why this is, as I do not want to allow fragments in.

Cheers
 

Yes I am sure. Looks like your machine talks to the web natively? Mine does not. Also, my logs mention 'frag' which yours does not. I need to find out why the return traffic is being fragmented and resolve this so the built in firewall does not drop it.
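An added example, not from anyone in this thread: a small Python parser for the ipfw log lines quoted in the original post and in the first reply, written to answer the two questions raised above (is the firewall dropping these packets because they are fragmented, and why is the return traffic fragmented in the first place). The sample lines are constructed from the ones quoted in the thread. It assumes ipfw's `(frag <ip id>:<payload bytes>@<byte offset>)` format, with a trailing `+` on the offset when more fragments follow, and a 20-byte IP header with no options; the `IpfwEntry`, `parse_log`, `infer_fragmenting_mtu`, `classify` and `summarize` names are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input modelled on the lines quoted in this thread: two of the
# original poster's en1 denies with a "(frag ...)" tail, and one of the replying
# user's en0 denies that carries port numbers.
SAMPLE_LOG = """\
Jan 6 18:59:26 computer ipfw: 12190 Deny TCP 85.227.217.26 10.0.1.29 in via en1 (frag 44333:8@1472)
Jan 6 18:59:27 computer ipfw: 12190 Deny TCP 85.227.217.26 10.0.1.29 in via en1 (frag 44438:8@1472)
Jan  6 12:31:55 Battlestar ipfw:  12190 Deny TCP 67.164.161.65:4093 67.164.48.186:2967 in via en0
"""

# Assumption: ipfw logs fragments as "(frag <ip id>:<payload bytes>@<byte offset>)"
# and appends "+" to the offset when more fragments follow. The lines in the thread
# have no "+", i.e. each one is the last fragment of its datagram.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+ipfw:\s+"
    r"(?P<rule>\d+)\s+(?P<action>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<iface>\S+)"
    r"(?:\s+\(frag\s+(?P<ipid>\d+):(?P<fraglen>\d+)@(?P<fragoff>\d+)(?P<more>\+)?\))?\s*$"
)

IP_HEADER_LEN = 20  # assumption: no IP options on the fragmented datagrams


@dataclass
class IpfwEntry:
    timestamp: str
    host: str
    rule: int
    action: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    direction: str
    iface: str
    frag_id: Optional[int]
    frag_len: Optional[int]
    frag_off: Optional[int]
    more_fragments: bool

    @property
    def is_fragment(self) -> bool:
        return self.frag_off is not None

    @property
    def has_transport_header(self) -> bool:
        # Only an unfragmented packet or the first fragment (offset 0) carries the
        # TCP header. Later fragments have no ports or flags, so a port- or
        # flag-based rule cannot recognise them as part of an established connection.
        return self.frag_off in (None, 0)


def parse_line(line: str) -> Optional[IpfwEntry]:
    m = LINE_RE.match(line)
    if not m:
        return None
    g = m.groupdict()

    def opt(key: str) -> Optional[int]:
        return int(g[key]) if g[key] is not None else None

    return IpfwEntry(
        timestamp=g["ts"], host=g["host"], rule=int(g["rule"]), action=g["action"],
        proto=g["proto"], src=g["src"], sport=opt("sport"), dst=g["dst"],
        dport=opt("dport"), direction=g["dir"], iface=g["iface"],
        frag_id=opt("ipid"), frag_len=opt("fraglen"), frag_off=opt("fragoff"),
        more_fragments=g["more"] is not None,
    )


def parse_log(text: str) -> List[IpfwEntry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def infer_fragmenting_mtu(e: IpfwEntry) -> Optional[Tuple[int, int]]:
    """For a last fragment, reconstruct (original datagram length, MTU of the link
    that fragmented it). Assumes a two-fragment split, i.e. the offset equals the
    payload the first fragment could carry on that link."""
    if not e.is_fragment or e.more_fragments:
        return None
    original_len = IP_HEADER_LEN + e.frag_off + e.frag_len
    fragmenting_mtu = IP_HEADER_LEN + e.frag_off
    return original_len, fragmenting_mtu


def classify(e: IpfwEntry) -> str:
    if not e.is_fragment:
        return "unfragmented"
    return "first-fragment" if e.frag_off == 0 else "tail-fragment"


def summarize(text: str) -> dict:
    entries = parse_log(text)
    return {
        "denied": sum(1 for e in entries if e.action == "Deny"),
        "tail_fragments": sum(1 for e in entries if classify(e) == "tail-fragment"),
        "headerless": sum(1 for e in entries if not e.has_transport_header),
    }


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(entry.timestamp, entry.iface, classify(entry), infer_fragmenting_mtu(entry))
```

Run against the thread's lines, the two en1 entries come out as tail fragments with no TCP header, which is why a port-based deny rule catches them while the first fragment of each datagram (the one with the TCP header) gets through. The arithmetic also answers the second question: 1472 + 8 bytes of payload plus a 20-byte header is a 1500-byte datagram, and a first fragment of 1472 payload bytes means the link that split it had an MTU of 1492, the usual PPPoE MTU. Two defensive options follow from that: lower the Mac's own interface MTU so the TCP MSS it advertises fits the 1492-byte path and the remote end never sends anything that needs fragmenting, or let the firewall reassemble fragments before filtering rather than admitting headerless fragments wholesale.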
 
That would make sense as to why the firewall is mucking up your web access. I don't know much about that stuff so I can't help. You're right, I'm connected directly to my cable modem, although I have run ipfw before when I was behind a simple Linksys router.
 