
Thread: Firewall not working on 1.9.2.7 CR3c?

  1. #1

    Question Firewall not working on 1.9.2.7 CR3c?

    I have not seen this for previous versions, then again, didn't look too hard for it either.

    Recently, I have noticed that a lot of traffic is still hitting my software firewall on ports that are not defined on the wl500g. Internet Firewall is enabled and the amount of hits is not too extreme (so I do think some attacks are blocked) but around 50 attempts on various ports. Shouldn't all these connection attempts be stopped at the wl500g instead?

    Patrick

  2. #2
    Join Date
    Nov 2003
    Location
    Eindhoven
    Posts
    2,407
    Copy-paste your firewall logs please;
    perhaps it is your own network..


  3. #3
    Join Date
    Dec 2004
    Location
    the netherlands
    Posts
    155
    Maybe you have UPnP enabled?

  4. #4
    Hi Guys,

    I've double-checked, UPnP is disabled, Internet Firewall is enabled. My DSL modem is configured to send all incoming traffic to the Asus.

    I have configured several ports (65530, 65531 and 83) to be forwarded to one of my internal machines. The firewall log (McAfee) on that machine shows (note: only a selection, there are several):

    2005/02/18 14:11:05 200.84.227.77:11245 (200-84-227-77.genericrev.cantv.net) 192.168.1.150:1600 Poort 1600 (TCP)
    2005/02/18 13:55:36 84.222.90.217:4662 (host-84-222-90-217.cust-adsl.tiscali.it) 192.168.1.150:1072 Poort 1072 (TCP)
    2005/02/18 08:52:03 84.98.195.147:4662 (147.195.98-84.rev.gaoland.net) 192.168.1.150:4225 Poort 4225 (TCP)
    2005/02/18 02:13:14 82.135.6.234:4662 (ppp-82-135-6-234.mnet-online.de) 192.168.1.150:3758 Poort 3758 (TCP)

    Strangely enough, another machine, that has ports 80, 81 and 110 forwarded to it shows no entries in the firewall log whatsoever.

  5. #5
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    So, why do you think it does not work? You've enabled port forwards; that is why external hosts are able to communicate with your PC.

  6. #6
    If I only forward ports 65530, 65531 and 83, shouldn't those be the only ones that reach my internal machine?

  7. #7
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    hm, run
    Code:
    iptables -L -vn
    iptables -t nat -L -vn

  8. #8
    iptables -L -vn
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    183 11421 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    74926 6483K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    6591 395K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
    1033 157K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
    18 864 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.150 tcp dpt:21
    1058 114K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy ACCEPT 43055 packets, 2493K bytes)
    pkts bytes target prot opt in out source destination

    3207K 2284M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
    30451 1500K ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 1/sec burst 5
    193 7756 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5
    0 0 ACCEPT icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 icmp type 8
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.150 tcp dpt:83
    2264 305K ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.150 tcp dpt:65530
    18196 1174K ACCEPT udp -- * * 0.0.0.0/0 192.168.1.150 udp dpt:65531
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.200 tcp dpt:110
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.200 tcp dpt:80
    80 3856 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.200 tcp dpt:81
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.150 tcp dpt:3389
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6112

    Chain OUTPUT (policy ACCEPT 83145 packets, 9784K bytes)
    pkts bytes target prot opt in out source destination

    Chain MACS (0 references)
    pkts bytes target prot opt in out source destination

    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0

    Chain logaccept (0 references)
    pkts bytes target prot opt in out source destination

    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix `ACCEPT '
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0


    Chain logdrop (0 references)
    pkts bytes target prot opt in out source destination

    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix `DROP'
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0


    [admin@(none) root]$ iptables -t nat -L -vn
    Chain PREROUTING (policy ACCEPT 37178 packets, 2365K bytes)
    pkts bytes target prot opt in out source destination

    1 48 DNAT tcp -- * * 0.0.0.0/0 10.0.0.150 tcp dpt:83 to:192.168.1.150
    23183 1225K DNAT tcp -- * * 0.0.0.0/0 10.0.0.150 tcp dpt:65530 to:192.168.1.150
    18233 1176K DNAT udp -- * * 0.0.0.0/0 10.0.0.150 udp dpt:65531 to:192.168.1.150
    39 1872 DNAT tcp -- * * 0.0.0.0/0 10.0.0.150 tcp dpt:110 to:192.168.1.200
    23 1080 DNAT tcp -- * * 0.0.0.0/0 10.0.0.150 tcp dpt:80 to:192.168.1.200
    226 11984 DNAT tcp -- * * 0.0.0.0/0 10.0.0.150 tcp dpt:81 to:192.168.1.200
    1 48 DNAT tcp -- * * 0.0.0.0/0 10.0.0.150 tcp dpt:3389 to:192.168.1.150
    0 0 NETMAP udp -- * * 0.0.0.0/0 10.0.0.150 udp spt:6112 192.168.1.0/24

    Chain POSTROUTING (policy ACCEPT 48309 packets, 2812K bytes)
    pkts bytes target prot opt in out source destination

    0 0 NETMAP udp -- * * 192.168.1.0/24 0.0.0.0/0 udp dpt:6112 10.0.0.150/32
    35274 2114K MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
    8 2344 MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24

    Chain OUTPUT (policy ACCEPT 6710 packets, 405K bytes)
    pkts bytes target prot opt in out source destination

  9. #9
    Join Date
    Nov 2004
    Location
    Melbourne, Australia
    Posts
    21
    Before you panic too much, try the 'Shields Up' program at www.grc.com; do the 'common ports' and 'all service ports' test.

    I just checked the first 1056 ports and all of mine are stealthed, and I've got the same firmware..... maybe McAfee is a little screwy?

  10. #10
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    It looks like you've got eMule running on your PC, and it's also possible that external PCs have sent an answer to your query or whatever. This way the wl500g accepts external traffic to make your PC happy.
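    The reasoning in the reply above, as an added example that is not from the thread or the firmware: a small Python script that reads the FORWARD-chain ACCEPT rules from post #8 and McAfee log lines in the format of post #4, then reports for each logged hit whether it reached the LAN host through an explicit port forward or through the NAT connection-tracking entry of a session the host opened itself. The sample data is constructed from the thread; the third log line and its host name are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: FORWARD-chain ACCEPT lines in `iptables -L -vn` format (from the thread).
IPTABLES_FORWARD = """\
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.150 tcp dpt:83
2264 305K ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.150 tcp dpt:65530
18196 1174K ACCEPT udp -- * * 0.0.0.0/0 192.168.1.150 udp dpt:65531
80 3856 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.200 tcp dpt:81
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.150 tcp dpt:3389
"""

# Constructed sample: McAfee log lines in the format posted in the thread (third line made up).
MCAFEE_LOG = """\
2005/02/18 14:11:05 200.84.227.77:11245 (200-84-227-77.genericrev.cantv.net) 192.168.1.150:1600 Poort 1600 (TCP)
2005/02/18 13:55:36 84.222.90.217:4662 (host-84-222-90-217.cust-adsl.tiscali.it) 192.168.1.150:1072 Poort 1072 (TCP)
2005/02/18 09:00:00 198.51.100.7:51000 (example.invalid) 192.168.1.150:65530 Poort 65530 (TCP)
"""

RULE_RE = re.compile(r"ACCEPT\s+(tcp|udp)\s+--\s+\S+\s+\S+\s+\S+\s+(\S+)\s+(?:tcp|udp)\s+dpt:(\d+)")
LOG_RE = re.compile(r"^\S+ \S+ (\S+):(\d+) \(.*?\) (\S+):(\d+) .*\((TCP|UDP)\)$")

def forwarded_ports(iptables_text):
    """Map internal host -> set of (proto, port) explicitly accepted in FORWARD."""
    fwd = defaultdict(set)
    for line in iptables_text.splitlines():
        m = RULE_RE.search(line)
        if m:
            proto, host, port = m.groups()
            fwd[host].add((proto, int(port)))
    return fwd

def classify(log_line, fwd):
    """Explain how a packet logged on the LAN host got past the router."""
    m = LOG_RE.match(log_line.strip())
    if not m:
        return "unparsed"
    _src, _sport, dst, dport, proto = m.groups()
    if (proto.lower(), int(dport)) in fwd.get(dst, ()):
        return "forwarded"   # explicit DNAT + FORWARD ACCEPT rule for this port
    # No forward rule for this port: the only other way an Internet packet is
    # rewritten to a private LAN address is the NAT conntrack entry of a session
    # the LAN host opened itself (e.g. a P2P client); unsolicited packets to the
    # WAN address stay in the INPUT chain, whose last rule is DROP.
    return "nat-reply"

def summarize(log_text, fwd):
    """Count how many logged hits fall into each category."""
    return Counter(classify(l, fwd) for l in log_text.splitlines() if l.strip())
```

    Hits classified as nat-reply are answers to connections the LAN host initiated, so the place to look is the software running on that host, not the router's rule set.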

  11. #11
    Might this be related to the new "Bogus ASUS firewall" thread?
