NEW Log of suspicious addresses in Hex S

DEFC19 · February 16, 2020, 12:12pm

Good morning, I’m new to the forums and the Mikrotik environment.

The first impression of the devices is more than satisfactory, I did not expect so much for so little.

I am testing in a controlled environment with 2 Hex S, its configuration is simple.

Nat mode, “WAN 192.168.10 - LAN 10.20.20.0”

I have visited the Mikrotik wiki applying the entire safety recommendation: https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router

The part of the firewall I want to gradually test and understand the behavior on the network.

I started with a simple setup, I admit suggestions ..

I have activated the Log and my surprise is a number of connection attempts from public IPs.

I suspect the test network is in an alert state.
What firewall recommendations would help me strengthen the network and consolidate knowledge?

Thank you for everything, forgive my English, it is not my native language.

WeWiNet · February 17, 2020, 5:41pm

224.0.0.1 is multi cast on local network.

Its your modem (or GW) at 192.168.0.1 exchanging with clients connected on the local network to it (your Mikrotik router for example).

DEFC19 · February 18, 2020, 9:59pm

THANK!!

WeWiNet · February 19, 2020, 5:31pm

In general if I have traffic I don’t know/understand, I add a drop rule for that traffic and observe what happens.
If your network still works you keep that rule (why do I want traffic that does nothing), if it shows problems
I change it into an “accept” rule and add a comment explaining what it is used for.

This is trial and error approach to firewalling.