Maybe upnp is the culprit. (If you have it enabled )
My router shows the following rule in /tmp/nat_rules:
When I access the NAT section from the webpage, this rule does not show up. Only my port forwarding rules for my internal webserver (ports 80 and 443) and the SSH port (22) are shown.Code:/tmp/nat_rules:-A PREROUTING -p udp -m udp -d <my public ip address> --dport 31104 -j DNAT --to-destination 192.168.1.201:16664
Two questions:
1) How did it get there (I did not enter it myself)?
2) How to remove it?
Thanks,
joozju
Maybe upnp is the culprit. (If you have it enabled )
Yes, I also saw something very similar. Got very worried, tried in vain to get it away via the web interface. Finally rebooted the router - and it was gone.
Is this a sign that someone has compromised the network and set it up like this, or does it have some natural cause, like some legal traffic originating from inside making the kernel set this up for reply traffic? Anybody knows?
As wztm said - DISABLE UPnP.
As suggested, I looked at this configuration parameter but my setting at "Enable UPnP" is set to "No". It could be that the Plug-and-Play device has to "unregister"? Because the PREROUTING rule is still there.
There is also this thread on howto remove entries..
http://wl500g.info/showthread.php?t=1933