next »

[njaimo]

..not sure how this can happen.. Reviewing my system firewall logs, I have one for a blocked request that has the "source IP" as a place in the China, but the "destination IP" is the exact internal address of my server (192.168.3.150 to port 80), instead of my public WAN address !
I do not have any NAT or rules allowing traffic in to HTTP on the server, how can someone find out the exact internal IP address ?

-NJ

[stephenw10]

You don't have port forwarding setup?

This is the result I would expect from having port 80 forwarded but no firewall rule in place to allow it.

This is probably the wrong section in the forum for this.

Steve

[jimp]

If you see an entry like that, you have to have a NAT rule setup that is doing it.

Whether it's a port forward entry, 1:1 NAT, or from UPnP, it has to be there or it wouldn't be showing in that way. (Assuming the interface on that log message was WAN)

[njaimo]

Thanks for the replies ...at the time the log came is I did not have the port forwarded, though I had been trying to set it up sometime before.  Maybe it was delay in the log posting list ?...  Anyway, I have not had a recurrence.  One thing I have noticed though, is that the Country Block package keeps turning itself off.  Every time I check it through the WebGIU > Firewall > Country Block tab, it shows the enable box is not checked and the bottom of the page says "Currents Status= not running".  Any ideas ?...  I also can't seem to get denyhosts started.  When I click the "start service" button it goes through the motions, but the Status>services page shows it is stopped. 

I have a Soekris 5501 with a hard-drive install of v1.2.3

Cheers,

-NJ