Bug 12756 - IPS drops Unbound traffic from an IPFire located behind another IPFire
Status: CLOSED NOTABUG
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: all All
: - Unknown - Major Usability
Assignee: Assigned to nobody - feel free to grab it and work on it
QA Contact: Arne.F
Reported: 2022-01-04 17:43 UTC by Peter Müller
Modified: 2025-01-07 20:20 UTC
Description Peter Müller 2022-01-04 17:43:48 UTC
As discussed in https://wiki.ipfire.org/devel/telco/2022-01-03, I am raising a bug to investigate this issue. It appears to have been around for a long time, particularly affecting IPFire users behind a slow internet connection, running another ("nested") IPFire behind it.

In such cases, Suricata seems to block necessary Unbound traffic after a little while (within minutes?), causing DNS not to work properly anymore on the second machine. Unfortunately, nothing is logged.

Arne is observing this in his environment.
Comment 1 Peter Müller 2022-01-04 17:44:57 UTC
@Stefan: I vaguely remember you mentioned being able to force Suricata to log such packets/incidents. If this is correct, could you tell us what you did and/or maybe help Arne investigate this? Thanks.
Comment 2 Michael Tremer 2024-11-30 15:14:13 UTC
Is this still a problem?
Comment 3 Adolf Belka 2025-01-07 20:20:37 UTC
There has been no response back on this for the last 5 weeks so it is being closed as no longer being a problem.

If it is still a problem currently then the bug can be re-opened and the supporting information provided.