Hi All,
I was wondering why is my WAN interface has lots of activity, even though no one is using my LAN. It slows down my network. TORCH displayed several ip addresses sending/receiving data.
What should I do to stop this? Is this malware/botnet activity?
Hard to tell without knowing what IP addresses are showing, and which of them are yours. Could just be the Internet at large scanning your router - which you can’t do anything about. You can drop that traffic at your router, but you can’t prevent your provider from putting the traffic on the link and sending it to your WAN interface.
Can you help me?
I have contacted several consultants but they are very busy and some didn’t even bother to reply my emails.
I want someone to check my router settings on my firewall, etc…
Pls. PM me so I can send you my contact details.
Sorry, I don’t consult.
On a sidenote, though, PMs are turned off globally in this forum.
thanks.
Anyway, I have added some firewall rules from tutorials and it seems it has solved the problem.
Another problem came out, I could not access user manager via web interface.
Any ideas what to check with my firewall rules?
Are you blocking the port it is listening on? If that router isn’t directly connected to the WAN are you port forwarding correctly, and not blocking that port, either? Is your ISP blocking that port? Are you port forwarding but using the public IP from the inside and don’t have hairpin NAT set up?
Those are wild guesses. If you want specific ideas post a network diagram and your config
You can add your own IP address as exception in all your INPUT DROP rules. If you like, I can ping or scan public interface. Write me an e-mail.