How to allow the passage of such packets?
Good afternoon. Happy New Year!
Please tell me.
There is an application running on the network; the gateway is Ubuntu. The program connects to external sources via TCP and UDP ports 27000-27040. If I disable ufw, the program works fine.
If I enable ufw on the gateway, it does not connect.
The following is written in the UFW logs:
Dec 30 16:59:51 proxy kernel: [67404.138394] [UFW BLOCK] IN=enp4s0 OUT=enp3s1 MAC=90:2b:34:33:ba:32:00:1e:67:57:3f:2f:08:00 SRC=192.168.30.202 DST=155.133.248.52 LEN=52 TOS=0x02 PREC=0x00 TTL=127 ID=10777 DF PROTO=TCP SPT=56673 DPT=27020 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp (OpenSSH) ALLOW IN Anywhere
3128 ALLOW IN Anywhere
3128/tcp ALLOW IN Anywhere
80,443/tcp (Apache Full) ALLOW IN Anywhere
8000 ALLOW IN Anywhere
80,443/tcp (Nginx Full) ALLOW IN Anywhere
443/tcp (Apache Secure) ALLOW IN Anywhere
80/tcp (Apache) ALLOW IN Anywhere
11011 ALLOW IN Anywhere
25/tcp ALLOW IN Anywhere
25 ALLOW IN Anywhere
587 ALLOW IN Anywhere
993 ALLOW IN Anywhere
143 ALLOW IN Anywhere
465 ALLOW IN Anywhere
3129 ALLOW IN Anywhere
62066 ALLOW IN Anywhere
26022 ALLOW IN Anywhere
27015:27030/tcp ALLOW IN Anywhere
27015:27030/udp ALLOW IN Anywhere
27000:27015/udp ALLOW IN Anywhere
27031:27036/udp ALLOW IN Anywhere
27036:27037/tcp ALLOW IN Anywhere
4380 ALLOW IN Anywhere
Anywhere ALLOW IN 192.168.30.202
62066/udp ALLOW IN Anywhere
22/tcp (OpenSSH (v6)) ALLOW IN Anywhere (v6)
3128 (v6) ALLOW IN Anywhere (v6)
3128/tcp (v6) ALLOW IN Anywhere (v6)
3127 (v6) ALLOW IN Anywhere (v6)
80,443/tcp (Apache Full (v6)) ALLOW IN Anywhere (v6)
8000 (v6) ALLOW IN Anywhere (v6)
80,443/tcp (Nginx Full (v6)) ALLOW IN Anywhere (v6)
443/tcp (Apache Secure (v6)) ALLOW IN Anywhere (v6)
80/tcp (Apache (v6)) ALLOW IN Anywhere (v6)
11011 (v6) ALLOW IN Anywhere (v6)
25/tcp (v6) ALLOW IN Anywhere (v6)
25 (v6) ALLOW IN Anywhere (v6)
587 (v6) ALLOW IN Anywhere (v6)
993 (v6) ALLOW IN Anywhere (v6)
143 (v6) ALLOW IN Anywhere (v6)
465 (v6) ALLOW IN Anywhere (v6)
3129 (v6) ALLOW IN Anywhere (v6)
62066 (v6) ALLOW IN Anywhere (v6)
26022 (v6) ALLOW IN Anywhere (v6)
27015:27030/tcp (v6) ALLOW IN Anywhere (v6)
27015:27030/udp (v6) ALLOW IN Anywhere (v6)
27000:27015/udp (v6) ALLOW IN Anywhere (v6)
27031:27036/udp (v6) ALLOW IN Anywhere (v6)
27036:27037/tcp (v6) ALLOW IN Anywhere (v6)
4380 (v6) ALLOW IN Anywhere (v6)
62066/udp (v6) ALLOW IN Anywhere (v6)
ACCEPT tcp -- anywhere anywhere tcp spts:27000:27030
ACCEPT udp -- anywhere anywhere udp spts:27000:27030
ACCEPT tcp -- anywhere anywhere tcp dpts:27000:27030
ACCEPT udp -- anywhere anywhere udp dpts:27000:27030
ACCEPT tcp -- anywhere anywhere tcp spts:27000:27030
ACCEPT tcp -- anywhere anywhere tcp dpts:27000:27030
ACCEPT tcp -- anywhere anywhere multiport dports 27015:27030
ACCEPT udp -- anywhere anywhere multiport dports 27015:27030
ACCEPT udp -- anywhere anywhere multiport dports 27000:27015
ACCEPT udp -- anywhere anywhere multiport dports 27031:27036
ACCEPT tcp -- anywhere anywhere multiport dports 27036:27037
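Added example, not part of the original question: a short Python reading of the [UFW BLOCK] line above. It shows that the packet carries both an IN= and an OUT= interface, so it is forwarded traffic governed by the "deny (routed)" default rather than by the ALLOW IN rules, and it builds a matching ufw route rule. The function names and the 27000:27040 argument are choices made for this example.

```python
import re

# Log line copied from the question above.
LOG = ("Dec 30 16:59:51 proxy kernel: [67404.138394] [UFW BLOCK] IN=enp4s0 "
       "OUT=enp3s1 MAC=90:2b:34:33:ba:32:00:1e:67:57:3f:2f:08:00 "
       "SRC=192.168.30.202 DST=155.133.248.52 LEN=52 TOS=0x02 PREC=0x00 "
       "TTL=127 ID=10777 DF PROTO=TCP SPT=56673 DPT=27020 WINDOW=65535 "
       "RES=0x00 CWR ECE SYN URGP=0")

def parse_ufw_line(line):
    """Return the KEY=VALUE fields of a [UFW ...] kernel log line as a dict."""
    m = re.search(r"\[UFW ([A-Z ]+)\]\s+(.*)", line)
    if not m:
        raise ValueError("not a UFW log line")
    fields = {"ACTION": m.group(1)}
    for token in m.group(2).split():
        key, sep, value = token.partition("=")
        if sep:  # bare flags such as DF or SYN carry no '='
            fields[key] = value
    return fields

def direction(fields):
    """Classify the packet by the interfaces netfilter recorded."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "routed"  # passed through the gateway: FORWARD path
    return "incoming" if has_in else "outgoing"

def suggest_route_rule(fields, ports):
    """Build a narrow 'ufw route' rule for a routed packet, else None.

    Plain 'ufw allow' rules only cover traffic addressed to the gateway
    itself, so they never match a packet classified as routed.
    """
    if direction(fields) != "routed":
        return None
    return ("ufw route allow in on {IN} out on {OUT} from {SRC} "
            "to any port {ports} proto {proto}").format(
                ports=ports, proto=fields["PROTO"].lower(), **fields)

if __name__ == "__main__":
    f = parse_ufw_line(LOG)
    print(f["ACTION"], direction(f), f["SRC"], "->", f["DST"], f["DPT"])
    print(suggest_route_rule(f, "27000:27040"))
```

The rule it prints covers TCP only; the UDP half of the range needs the same rule with proto udp.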