Basic (read possilbly dumb) blocked firewall entry
-
..not sure how this can happen.. Reviewing my system firewall logs, I have one for a blocked request that has the "source IP" as a place in the China, but the "destination IP" is the exact internal address of my server (192.168.3.150 to port 80), instead of my public WAN address !
I do not have any NAT or rules allowing traffic in to HTTP on the server, how can someone find out the exact internal IP address ?-NJ
-
You don't have port forwarding setup?
This is the result I would expect from having port 80 forwarded but no firewall rule in place to allow it.
This is probably the wrong section in the forum for this.
Steve
-
If you see an entry like that, you have to have a NAT rule setup that is doing it.
Whether it's a port forward entry, 1:1 NAT, or from UPnP, it has to be there or it wouldn't be showing in that way. (Assuming the interface on that log message was WAN)
-
Thanks for the replies …at the time the log came is I did not have the port forwarded, though I had been trying to set it up sometime before. Maybe it was delay in the log posting list ?... Anyway, I have not had a recurrence. One thing I have noticed though, is that the Country Block package keeps turning itself off. Every time I check it through the WebGIU > Firewall > Country Block tab, it shows the enable box is not checked and the bottom of the page says "Currents Status= not running". Any ideas ?... I also can't seem to get denyhosts started. When I click the "start service" button it goes through the motions, but the Status>services page shows it is stopped.
I have a Soekris 5501 with a hard-drive install of v1.2.3
Cheers,
-NJ