Netgate m1n1wall

Author Topic: Basic (read possilbly dumb) blocked firewall entry  (Read 1321 times)

0 Members and 1 Guest are viewing this topic.

Offline njaimo

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Basic (read possilbly dumb) blocked firewall entry
« on: March 09, 2011, 11:18:30 pm »
..not sure how this can happen.. Reviewing my system firewall logs, I have one for a blocked request that has the "source IP" as a place in the China, but the "destination IP" is the exact internal address of my server (192.168.3.150 to port 80), instead of my public WAN address !
I do not have any NAT or rules allowing traffic in to HTTP on the server, how can someone find out the exact internal IP address ?

-NJ

Offline stephenw10

  • Hero Member
  • *****
  • Posts: 8156
  • Karma: +5/-0
    • View Profile
Re: Basic (read possilbly dumb) blocked firewall entry
« Reply #1 on: March 10, 2011, 06:37:27 am »
You don't have port forwarding setup?

This is the result I would expect from having port 80 forwarded but no firewall rule in place to allow it.

This is probably the wrong section in the forum for this.

Steve

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14976
  • Karma: +4/-0
    • View Profile
Re: Basic (read possilbly dumb) blocked firewall entry
« Reply #2 on: March 10, 2011, 10:54:05 am »
If you see an entry like that, you have to have a NAT rule setup that is doing it.

Whether it's a port forward entry, 1:1 NAT, or from UPnP, it has to be there or it wouldn't be showing in that way. (Assuming the interface on that log message was WAN)
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline njaimo

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Basic (read possilbly dumb) blocked firewall entry
« Reply #3 on: March 11, 2011, 09:59:33 pm »
Thanks for the replies ...at the time the log came is I did not have the port forwarded, though I had been trying to set it up sometime before.  Maybe it was delay in the log posting list ?...  Anyway, I have not had a recurrence.  One thing I have noticed though, is that the Country Block package keeps turning itself off.  Every time I check it through the WebGIU > Firewall > Country Block tab, it shows the enable box is not checked and the bottom of the page says "Currents Status= not running".  Any ideas ?...  I also can't seem to get denyhosts started.  When I click the "start service" button it goes through the motions, but the Status>services page shows it is stopped. 

I have a Soekris 5501 with a hard-drive install of v1.2.3

Cheers,

-NJ