• 0

Can't open m0n0wall ports (bug?)


Go to solution Solved by BudMan,

Question

pairughdocks

I recently replaced a Linksys E900 router with a m0n0wall router distribution, and on my local LAN or external WAN I can not open custom ports. I need to open the following for active directory/dns/etc.. to authorize, sync, and update.

RPC endpoint mapper: 135/tcp, 135/udp
Network basic input/output system (NetBIOS) name service: 137/tcp, 137/udp
NetBIOS datagram service: 138/udp
NetBIOS session service: 139/tcp
RPC dynamic assignment: Win 2k/2003:1024-65535/tcp
Win 2008+:49152-65535/tcp
Server message block (SMB) over IP (Microsoft-DS): 445/tcp, 445/udp
Lightweight Directory Access Protocol (LDAP): 389/tcp
LDAP ping: 389/udp
LDAP over SSL: 636/tcp
Global catalog LDAP: 3268/tcp
Global catalog LDAP over SSL: 3269/tcp
Kerberos: 88/tcp, 88/udp
Domain Name Service (DNS): 53/tcp1, 53/udp

I have a default LAN rule of:

Proto: * / Source: Lan Net / Port: * / Destination: * / Description: Default LAN -> any

So ANY traffic should be able to flow freely, yet I am getting error messages such as:

The DNS server could not open socket for address 192.168.1.1. 
Verify that this is a valid IP address for the server computer. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parameters\ ListenAddress value in the services section of the registry and restart.) 
 
If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port. 
 
For more information, see "DNS server log reference" in the online Help.
 
The DNS server could not bind a Transmission Control Protocol (TCP) socket to address 192.168.1.1. The event data is the error code. An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use.
Restart the DNS server or reboot the computer.

 

I've researched on m0n0walls forums and have had no luck, is this a bug with the distro?

 

 

 

Link to post
Share on other sites

19 answers to this question

Recommended Posts

  • 0
+BudMan

If m0n0wall is actually on 192.168.1.2 and your dns server is on 192.168.1.1, and your seeing this error on your dns server.

WTF can that have to do with m0n0wall? There is NOTHING that m0n0wall could be doing that would effect anything your dns server on a different IP address does - nothing!!

So we are missing something here.. But I assure you if what your saying is correct m0n0wall is not part of the puzzle.

  • Like 1
Link to post
Share on other sites
  • 0
pairughdocks

I'm not sure what the NAT would look like to only allow these local services to talk amongst the LAN.

 

Edit: I set up a rule for RDP as a test

 

IF: WAN PROTO: TCP EXT PORT RANGE: 3389-3389 NAT IP: 192.168.1.1 (server) INT PORT: 3389 DESCRIPTION: RDP

 

which works...

 

So to get LDAP to authorize it should be

 

IF: WAN PROTO: TCP EXT PORT RANGE:389-389 NAT IP: 192.168.1.1 (server) INT PORT: 389 DESCRIPTION: LDAP

 

But I don't get how to do a UNIQUE range, such as RPC using something like 1024-65534, since I can only map it to one local port as opposed to a range.

Link to post
Share on other sites
  • 0
+BudMan

Do you have more than 1 lan segment? Your gateway/router has NOTHING to do with traffic between lan machines on the same network.

So unless your routing traffic between say 192.168.1.0/24 and 192.168.2.0/24 through m0n0wall. It does not care nor even see traffic between say 192.168.1.14 and 192.168.1.52

These devices would only talk to m0n0wall to go to something off 192.168.1.0/24, like the internet. You would not be opening up most of the ports you listed inbound from the internet - nor would you believe would you even want that traffic going to the internet. Other than your dns listing port 53

Where are you seeing this error?

"The DNS server could not open socket for address 192.168.1.1"

And what is the IP address of your m0n0wall lan interface.. I believe it would default to something 192.168

But generally specking those ports would have NOTHING to do with your m0n0wall setup for your local lan. And seem unlikely you would want those forwarded from the internet, etc.

Link to post
Share on other sites
  • 0
snaphat (Myles Landwehr)

Let me see if I understand you correctly:

 

(1) These errors are on the m0n0wall setup.

(2) You setup an outbound rule to allow passing of ANY traffic out.

(3) You are seeing socket errors when M0n0wall tries to bind to the DNS port on your LAN interface.

 

The binding to ports and outbound rules issue appear to be unrelated to me. It appears that m0n0wall's DNS server service is failing to bind to the DNS port (53) for some reason. I assume you are saying that all of the services you listed also fail to bind to ports in the same manner. Out of curiosity is m0n0wall having issues binding to ports above 1024? If not, this would probably indicate an issue with root vs non-root binding. Also, is your m0n0wall LAN interface actually configured to use address 192.168.1.1? If not, it would fail to bind.

Link to post
Share on other sites
  • 0
pairughdocks

Do you have more than 1 lan segment? Your gateway/router has NOTHING to do with traffic between lan machines on the same network.

So unless your routing traffic between say 192.168.1.0/24 and 192.168.2.0/24 through m0n0wall. It does not care nor even see traffic between say 192.168.1.14 and 192.168.1.52

These devices would only talk to m0n0wall to go to something off 192.168.1.0/24, like the internet. You would not be opening up most of the ports you listed inbound from the internet - nor would you believe would you even want that traffic going to the internet. Other than your dns listing port 53

Where are you seeing this error?

"The DNS server could not open socket for address 192.168.1.1"

And what is the IP address of your m0n0wall lan interface.. I believe it would default to something 192.168

But generally specking those ports would have NOTHING to do with your m0n0wall setup for your local lan. And seem unlikely you would want those forwarded from the internet, etc.

 

1) no, it is just one lan segment (192.168.1.x)

2) I am seeing this error in my DNS event viewer

3) The m0n0wall is 192.168.1.2 (firewall.eatvac.local) and the server is is 192.168.1.1 (zeus.eatvac.local)

 

Let me see if I understand you correctly:

 

(1) These errors are on the m0n0wall setup.

(2) You setup an outbound rule to allow passing of ANY traffic out.

(3) You are seeing socket errors when M0n0wall tries to bind to the DNS port on your LAN interface.

 

The binding to ports and outbound rules issue appear to be unrelated to me. It appears that m0n0wall's DNS server service is failing to bind to the DNS port (53) for some reason. I assume you are saying that all of the services you listed also fail to bind to ports in the same manner. Out of curiosity is m0n0wall having issues binding to ports above 1024? If not, this would probably indicate an issue with root vs non-root binding. Also, is your m0n0wall LAN interface actually configured to use address 192.168.1.1? If not, it would fail to bind.

 

1) the dns errors are from the server, I KNOW m0n0wall is the culprit, because if I put in a little SOHO router I do not have these issues

2) that is the default firewall rule that m0n0wall ships with

3) Yes, I believe that m0n0wall is preventing DNS from binding a port on the LAN interface. In m0n0wall my DNS is set to 192.168.1.1 (my DNS server - Standard 2008 R2)

 

Also, every so often I get internet disconnects (page can not be displayed) yet DCDIAG shows NO errors and passes everything.

Link to post
Share on other sites
  • 0
snaphat (Myles Landwehr)

So those errors are NOT from m0n0wall? They are from logs on a Windows machine running a DNS server? if so, it really has nothing to do with m0n0wall because m0n0wall cannot control what ports a completely separate machine is able to listening on. The best I can come up with is that possibly your Windows Server isn't keeping its 192.168.1.1 IP whenever m0n0wall is hooked up and as such can't listen to any ports on that address.

  • Like 1
Link to post
Share on other sites
  • 0
pairughdocks

So those errors are NOT from m0n0wall? They are from logs on a Windows machine running a DNS server? if so, it really has nothing to do with m0n0wall because m0n0wall cannot control what ports a completely separate machine is able to listening on. The best I can come up with is that possibly your Windows Server isn't keeping its 192.168.1.1 IP whenever m0n0wall is hooked up and as such can't listen to any ports on that address.

 

Which is totally a possiblity, except everything is hard coded... I'm not sure how it would "forget" - the issue does not occur though when I have a SOHO router on the network and remove m0n0wall from the equation.

Link to post
Share on other sites
  • 0
snaphat (Myles Landwehr)

Which is totally a possiblity, except everything is hard coded... I'm not sure how it would "forget" - the issue does not occur though when I have a SOHO router on the network and remove m0n0wall from the equation.

 

Is it possible that m0n0wall has control of the 192.168.1.1 address (e.g. to hand it out via dhcp or something) and a conflict is occurring?

 

EDIT: http://support.microsoft.com/kb/279678 could this be relevant?

  • Like 1
Link to post
Share on other sites
  • 0
pairughdocks

m0n0wall is static to 192.168.1.2 (firewall.eatvac.local) all DHCP services are disabled on m0n0wall.

 

Edit: If I follow the advice of the article and set the DNS server to only listen on 192.168.1.1 I lose all functionality of DNS.

Link to post
Share on other sites
  • 0
pairughdocks

If m0n0wall is actually on 192.168.1.2 and your dns server is on 192.168.1.1, and your seeing this error on your dns server.

WTF can that have to do with m0n0wall? There is NOTHING that m0n0wall could be doing that would effect anything your dns server on a different IP address does - nothing!!

So we are missing something here.. But I assure you if what your saying is correct m0n0wall is not part of the puzzle.

 

I'm sure you are correct, originally I thought it may have something to do, but I have since resolved SOME of those issues. The issue at hand is still that the DNS/AD server hasn't signaled a sync yet.. (EVENT 4013 - http://gslink.us/B8syka)

Link to post
Share on other sites
  • 0
pairughdocks

This issue is actually resolved :) thanks to all involved.

Link to post
Share on other sites
  • 0
snaphat (Myles Landwehr)

This issue is actually resolved :) thanks to all involved.

What was the issue in the end?

Link to post
Share on other sites
  • 0
pairughdocks

It was some weird DNS settings and I used kept running "best practice analyzer" and isolating down issues, event by event. I still actually have TWO issues, but I don't want to trouble others with this...

 

The best practice I DONT UNDERSTAND. I have my loopback as a secondary server.. in the adapter properties and in the DNS server.

 

 

 

 

DNS-4013.txt

DNS-Best-Practice-Error.txt

Link to post
Share on other sites
  • 0
+BudMan

You normally point to 127.0.0.1 as secondary in case something wrong with the IP binding, or stack that prevents dns working on the IP assigned. It's really hard to break loopback ;)

Link to post
Share on other sites
  • 0
pairughdocks

Right, which I did ;), yet I'm still getting a warning that it isn't set. I'm not sure if I should be worried about it or not since everything seems to be functioning normally.

Link to post
Share on other sites
  • 0
+BudMan

does this server have more than 1 network interface - where exactly are you going to sync too. Do you have more than 1 AD dns server in your network. Do you have more than 1 DC? Where are all the roles located?

Link to post
Share on other sites
  • 0
pairughdocks

does this server have more than 1 network interface - where exactly are you going to sync too. Do you have more than 1 AD dns server in your network. Do you have more than 1 DC? Where are all the roles located?

 

It has 4, they are all disabled except for the one in use (since I do not have need for them). 1 AD DNS server only, and 1 DC only. Roles are all on the central/primary DC.

Link to post
Share on other sites
  • 0
+BudMan

so the DNS is not your DC?

Link to post
Share on other sites
  • 0
pairughdocks

DNS is running on the DC

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Copernic
      simplewall (WFP Tool) 3.2.4
      by Razvan Serea



      simplewall (WFP Tool) allows simple Windows Filtering Platform (WFP) configuration for your PCs network activity. The lightweight application is less than a megabyte, and it is compatible with Windows Vista and higher operating systems. You can download either the installer or portable version. For correct working, need administrator rights.

      Features:

      Simple interface without annoying pop ups Rules editor (create your own rules) Internal blocklist (block Windows spy / telemetry) Dropped packets information with notification and logging to a file feature (win7+) Allowed packets information with logging to a file feature (win8+) Windows Subsystem for Linux (WSL) support (win10) Windows Store support (win8+) Windows services support Free and open source Localization support IPv6 support Simplewall (WFP Tool) 3.2.4 changelog:

      removed assertion from release builds (issue #764) removed user service instance from the list (win10+) fixed parsing not existing apps (issue #732, #739) displays incorrect name on timer expiration check app timer expiration on profile load incorrect read-only rules tooltip markup create filter does not report errors fixed checking of file attributes fixed parsing ip/port ranges cosmetic fixes fixed bugs Download: simplewall (Wfp Tool) 3.2.4 | 751 KB (Open Source)
      Download: Portable simplewall (Wfp Tool) 3.2.4 | 787 KB
      Links: simplewall Home Page | Project Page @GitHub

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      NOD32 Antivirus / ESET Internet Security / Eset Smart Security Premium 13.2.18.0
      by Razvan Serea



      NOD32 for Windows is the best choice for protection of your personal computer. Almost 20 years of technological development enabled ESET to create state-of-the-art antivirus system able to protect you from all sorts of Internet threats. ESET Internet Security boasts a large array of security features, usability enhancements and scanning technology improvements in defense of your your online life.

      ESET Internet Security
      ESET Internet Security keeps your computer or laptop safe with intelligent multi-layered protection combining proven antivirus, antispyware, firewall, anti-rootkit and antispam capabilities. Based on ESET NOD32 Antivirus, it protects you from viruses, worms, spyware, and all Internet threats. It conserves resources and improves computer speed. You are protected at the highest level while you work, social network, play online games or plug in removable media.

      ESET NOD32 Antivirus
      Your best defense against viruses, trojans and other forms of malware—and the top choice for IT professionals. Powered by the ThreatSense® engine with advanced heuristics, which blocks far more unknown threats than the competition. The latest generation of the legendary ESET NOD32 Antivirus takes your security to a whole new level. Built for a low footprint, fast scanning, it packs security features and customization options for consistent and personalized security online or off.

      ESET Smart Security
      Ultimate protection for everyday web users, thanks to ESET’s trademark best balance of detection, speed and usability. Stay safe from viruses and spyware. Stay protected from ransomware - Blocks malware that tries to lock you out of your own data. Receive free support by email or telephone in your local language, wherever you are. Bank and shop online more safely - automatically secures transactions on internet banking sites, and helps to protect you on online payment gateways. Stop hackers from accessing your PC - Personal Firewall prevents hackers from gaining access to your computer and keeps you invisible when you use public Wi-Fi. Keep your kids safe online - block unwanted internet content by categories or individual websites and keep your kids safe online with Parental Control. Safer webcam and home router - Get an alert when anyone tries to access your webcam, and check your home router for vulnerabilities. Safely store passwords, and encrypt your data. Safely store, generate and prefill your passwords, and encrypt your files and removable media (USB keys). Includes protection for smartphones and tablets. Protect all of your devices - mix and match security protection for up to 3 or 5 devices.

      Note: v13.2.18.0 changelog is not yet available.

      Download: ESET NOD32 Antivirus 13.2.18.0 (32-bit) | NOD32 Antivirus 64-bit | ~180.0 MB (Free Trial)
      Download: ESET Internet Security 13.2.18.0 (32-bit) | ESET Internet Security 64-bit
      Download: Eset Smart Security Premium 13.2.18.0 (32-bit) | Eset Smart Security Premium 64-bit
      Link: ESET Home Page

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      simplewall (Wfp Tool) 3.2.3
      by Razvan Serea



      simplewall (WFP Tool) allows simple Windows Filtering Platform (WFP) configuration for your PCs network activity. The lightweight application is less than a megabyte, and it is compatible with Windows Vista and higher operating systems. You can download either the installer or portable version. For correct working, need administrator rights.

      Features:

      Simple interface without annoying pop ups Rules editor (create your own rules) Internal blocklist (block Windows spy / telemetry) Dropped packets information with notification and logging to a file feature (win7+) Allowed packets information with logging to a file feature (win8+) Windows Subsystem for Linux (WSL) support (win10) Windows Store support (win8+) Windows services support Free and open source Localization support IPv6 support Simplewall (WFP Tool) 3.2.3 changelog:



      added ncsi system rule (issue #709) added command line mutex checking (issue #750) added noficitation window redraw (issue #731) use logical sorting order (issue #735) check for provider status before create filters do not highlight connections in log tab fixed support oldest win7 versions (issue #737) removed listview empty markup cosmetic fixes fixed bugs Download: simplewall (Wfp Tool) 3.2.3 | 759 KB (Open Source)
      Download: Portable simplewall (Wfp Tool) 3.2.3 | 798 KB
      Links: simplewall Home Page | Project Page @GitHub

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      GlassWire 2.2.241
      by Razvan Serea



      Visualize your current and past network activity by traffic type, application, and geographic location, on an easy to use graph. GlassWire lets you see what applications are sending out data over the Internet and shows you what hosts they are communicating with. The program also looks for; domains or IP addresses that are known threats, networking system file changes, unusual application changes, ARP spoofing and more.

      GlassWire shows you what network activity occurred while you were away or logged out from your computer. No more wondering what your computer was doing while you were out. Just go back in time with GlassWire's graph and see exactly what happened in detail.

      GlassWire visualizes what current and past applications are accessing the Internet. If you don’t like what you see you can instantly block network access to specific apps with GlassWire’s firewall manager.

      GlassWire 2.2.241 changelog:

      Click the small down arrow at the top left of the graph to scale it however you want. Click “Publishers” on the graph to see traffic by publisher. It’s useful to quickly find unsigned apps. Click the graph, then drag back and forth to select time periods where you can see detailed app, host, and traffic data. Resource usage improvements with GlassWire’s user interface. Fixed translations for French and Korean. Fixed an issue with host name for some devices on the “Things” list. Fixed a DLL issue reported on HackerOne. Fixed an issue that could cause a false RDP connection alert in some unique situations. Miscellaneous bug fixes and resource usage improvements. Download: GlassWire 2.2.241 | 46.9 MB (Shareware)
      View: GlassWire Website | Android

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      NOD32 Antivirus / ESET Internet Security / Eset Smart Security Premium 13.2.16.0
      by Razvan Serea



      NOD32 for Windows is the best choice for protection of your personal computer. Almost 20 years of technological development enabled ESET to create state-of-the-art antivirus system able to protect you from all sorts of Internet threats. ESET Internet Security boasts a large array of security features, usability enhancements and scanning technology improvements in defense of your your online life.

      ESET Internet Security
      ESET Internet Security keeps your computer or laptop safe with intelligent multi-layered protection combining proven antivirus, antispyware, firewall, anti-rootkit and antispam capabilities. Based on ESET NOD32 Antivirus, it protects you from viruses, worms, spyware, and all Internet threats. It conserves resources and improves computer speed. You are protected at the highest level while you work, social network, play online games or plug in removable media.

      ESET NOD32 Antivirus
      Your best defense against viruses, trojans and other forms of malware—and the top choice for IT professionals. Powered by the ThreatSense® engine with advanced heuristics, which blocks far more unknown threats than the competition. The latest generation of the legendary ESET NOD32 Antivirus takes your security to a whole new level. Built for a low footprint, fast scanning, it packs security features and customization options for consistent and personalized security online or off.

      ESET Smart Security
      Ultimate protection for everyday web users, thanks to ESET’s trademark best balance of detection, speed and usability. Stay safe from viruses and spyware. Stay protected from ransomware - Blocks malware that tries to lock you out of your own data. Receive free support by email or telephone in your local language, wherever you are. Bank and shop online more safely - automatically secures transactions on internet banking sites, and helps to protect you on online payment gateways. Stop hackers from accessing your PC - Personal Firewall prevents hackers from gaining access to your computer and keeps you invisible when you use public Wi-Fi. Keep your kids safe online - block unwanted internet content by categories or individual websites and keep your kids safe online with Parental Control. Safer webcam and home router - Get an alert when anyone tries to access your webcam, and check your home router for vulnerabilities. Safely store passwords, and encrypt your data. Safely store, generate and prefill your passwords, and encrypt your files and removable media (USB keys). Includes protection for smartphones and tablets. Protect all of your devices - mix and match security protection for up to 3 or 5 devices.

      v13.2.16.0 changelog:

      Fixed: Bug that causes application freeze in limited scenarios

      Download: ESET NOD32 Antivirus 13.2.16.0 (32-bit) | NOD32 Antivirus 64-bit | ~180.0 MB (Free Trial)
      Download: ESET Internet Security 13.2.16.0 (32-bit) | ESET Internet Security 64-bit
      Download: Eset Smart Security Premium 13.2.16.0 (32-bit) | Eset Smart Security Premium 64-bit
      Link: ESET Home Page

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware