Basic (read possibly dumb) blocked firewall entry



  • ...not sure how this can happen... Reviewing my system firewall logs, I have one for a blocked request that has the "source IP" as a place in China, but the "destination IP" is the exact internal address of my server (192.168.3.150 to port 80), instead of my public WAN address!
    I do not have any NAT or rules allowing traffic in to HTTP on the server, how can someone find out the exact internal IP address?

    -NJ


  • Netgate Administrator

    You don't have port forwarding set up?

    This is the result I would expect from having port 80 forwarded but no firewall rule in place to allow it.

    This is probably the wrong section in the forum for this.

    Steve


  • Rebel Alliance Developer Netgate

    If you see an entry like that, you have to have a NAT rule set up that is doing it.

    Whether it's a port forward entry, 1:1 NAT, or from UPnP, it has to be there or it wouldn't be showing in that way. (Assuming the interface on that log message was WAN)
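
The replies above attribute a blocked WAN entry with an internal destination to a NAT rule (port forward, 1:1 NAT or UPnP) that has no matching pass rule. As an added example that is not part of the thread, this sketch scans firewall log records for that signature and reports which internal address and port to look for in the NAT configuration; the comma-separated record format, the sample lines and all function names are constructed for illustration and are not pfSense's raw log format.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges: a destination in one of these on a WAN-side
# entry means the address was rewritten before the filter rules ran.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (assumed format, not a real log):
# action,interface,source_ip,destination_ip,destination_port
SAMPLE_LOG = """\
block,WAN,203.0.113.45,192.168.3.150,80
block,WAN,203.0.113.45,198.51.100.10,22
block,LAN,192.168.3.20,192.168.3.150,445
pass,WAN,203.0.113.99,192.168.3.150,443
this line is malformed
block,WAN,203.0.113.77,192.168.3.150,80
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse(text):
    """Parse records, skipping lines that are malformed or carry bad addresses."""
    entries = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5:
            continue
        action, iface, src, dst, dport = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        entries.append({"action": action, "iface": iface,
                        "src": src, "dst": dst, "dport": port})
    return entries

def nat_targets(entries, wan="WAN"):
    """Count blocked WAN entries from public sources to internal destinations."""
    hits = Counter()
    for e in entries:
        if (e["action"] == "block" and e["iface"] == wan
                and not is_rfc1918(e["src"]) and is_rfc1918(e["dst"])):
            hits[(e["dst"], e["dport"])] += 1
    return hits

if __name__ == "__main__":
    for (dst, port), n in nat_targets(parse(SAMPLE_LOG)).items():
        print(f"{n} blocked WAN hit(s) translated to {dst}:{port}; check NAT rules")
```

Each reported address and port pair points at a translation rule to find and either remove or pair with an explicit firewall rule.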



  • Thanks for the replies... At the time the log came in I did not have the port forwarded, though I had been trying to set it up sometime before. Maybe it was a delay in the log posting list?... Anyway, I have not had a recurrence. One thing I have noticed though, is that the Country Block package keeps turning itself off. Every time I check it through the WebGUI > Firewall > Country Block tab, it shows the enable box is not checked and the bottom of the page says "Currents Status= not running". Any ideas?... I also can't seem to get denyhosts started. When I click the "start service" button it goes through the motions, but the Status > Services page shows it is stopped.

    I have a Soekris 5501 with a hard-drive install of v1.2.3

    Cheers,

    -NJ

