firewall input drop drops everything incl forward [solved]

zbaracki · April 16, 2013, 12:07am

My firewall behaves very weirdly.
chain input behaves like forward, cutting traffic which is passing thru.

My setup
Draytek Vigor 120 PPPoA<->PPPoE (ether1) ↔ RB951G-2HnD ↔ masquerade PPPoE bridge eth2+wifi ↔ my computers

filter chain input action drop meant to drop only packets addressed to the router (e.g webbox, winbox connections). somehow it drops most (not all!) connections between PCs and internet.
any ideas how to fix this issue or to find any workaround? need to restrict (block) access to my RB from both internet and local network, while keeping all the forward traffic untouched.

Feklar · April 16, 2013, 4:39pm

You are going to have to give a complete export of your firewall, preferably filter and NAT, before anyone can even begin to comment on what is going on.

CelticComms · April 16, 2013, 4:49pm

Are you sure the clients are using the web proxy?

Caci99 · April 16, 2013, 5:22pm

Or maybe DNS? Are your computers using the router as DNS server?

zbaracki · April 17, 2013, 1:26am

Problem solved.
Completely forgot about web proxy. After some experiments I’ve left it enabled and didn’t create firewall rules for it.

Thanks to all