
Originally Posted by lly
Can't reproduce the situation on my home gateway router (it has a real IP), please describe exactly how you discovered this. External scanner? What else?
btw. DHCP, by default, can assign only LAN addresses.
I used an external scanner, and also a portscan directly on the WAN port of the router.
I discovered this because I had huge CPU usage on various services like UPnP, Samba, the webcam server, etc.
Also, the DHCP leases came from outside my network, leasing a local network IP... the MAC address was a false one, but I had like 30 false leases
(my wireless is set to WPA2 with a strong password, so that can't be the issue)
wpte:
do the following --- disable your post-firewall, enable firewall in web, and check if the problem persists. If yes, post here the output of the iptables-save command
I did that and nothing comes through.
I've actually been trying to get my firewall running properly for over the last 2 hours.
Now I've made it so that my firewall in the web is running with brute-force prevention enabled and a simple iptables script, made by cutting down the original one I had:
#!/bin/sh
# This we know...
WANIF=eth1
LANIP=192.168.1.10
# Deleting the last firewall rule (policy)
iptables -D INPUT -j DROP
#iptables -D INPUT -j logdrop
# Standard open ports
iptables -A INPUT -p tcp --dport 3690 -j ACCEPT
iptables -A INPUT -p udp --dport 3690 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Torrent client rules
iptables -A INPUT -p tcp --dport 51413 -j ACCEPT
iptables -A INPUT -p udp --dport 51413 -j ACCEPT
iptables -I INPUT 1 -p tcp -i "$1" --syn --dport 51777:51780 -j ACCEPT
iptables -I INPUT 1 -p udp -i "$1" --dport 6881 -j ACCEPT
# Block bad IP addresses
iptables -I INPUT -s 91.121.111.28 -j DROP
iptables -I INPUT -s 91.121.84.162 -j DROP
iptables -I INPUT -s 91.121.108.28 -j DROP
iptables -I INPUT -s 91.121.111.27 -j DROP
iptables -I INPUT -s 91.121.108.81 -j DROP
iptables -I INPUT -s 91.121.108.73 -j DROP
iptables -I INPUT -s 91.121.108.87 -j DROP
iptables -I INPUT -s 91.121.108.82 -j DROP
iptables -I INPUT -s 91.121.108.81 -j DROP
iptables -I INPUT -s 91.121.110.118 -j DROP
iptables -I INPUT -s 91.121.108.87 -j DROP
# Re-establishing INPUT chain policy
#iptables -A INPUT -j logdrop
iptables -A INPUT -j DROP
I actually have no idea why it suddenly works now, or why tamadite's script failed for some reason...
Also, my FTP and SSH ports are closed now, I believe. Do I need to port-forward these first and then apply the brute-force prevention or something?
Thanks for the quick responses, for some reason it seems to have something to do with the firmware in my eyes.
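
The script in the post above deletes the final `-j DROP` and re-appends it last, so that every `-A ... -j ACCEPT` rule lands ahead of it. As an added example (not part of the original post or the firmware), this check reads `iptables-save` text and reports INPUT rules that sit after the catch-all DROP or are exact duplicates; the function names and the sample dumps are constructed for illustration, and only a literal `-A INPUT -j DROP` is treated as the catch-all.

```shell
#!/bin/sh
# Added example, not from the thread. Reads iptables-save text on stdin and
# reports INPUT rules that are exact duplicates or that sit after the
# catch-all "-A INPUT -j DROP" and therefore can never match.
audit_input() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            if (seen[$0]++) printf "duplicate: %s\n", $0
            if (dropped)    printf "shadowed: %s\n", $0
            # Catch-all = a DROP with no match options at all.
            if (NF == 4 && $3 == "-j" && $4 == "DROP") dropped = 1
        }
        END { if (!dropped) print "no-catch-all-drop" }
    '
}

# Constructed sample: rules appended without first deleting the final DROP.
sample_bad() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -j DROP
COMMIT
EOF
}

# Constructed sample: final DROP deleted first, then re-appended last.
sample_good() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

echo "== appended after DROP ==";            sample_bad  | audit_input
echo "== DROP deleted, re-appended last =="; sample_good | audit_input
```

On a live router the same function can be fed with `iptables-save | audit_input`; an empty result means no INPUT rule is shadowed or duplicated.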