Page 1 of 1

Firewall setup problem

Posted: Thu Jan 09, 2014 3:14 am
by imaljko4
After setting up the firewall like described in the WIKI here:
http://wiki.mikrotik.com/wiki/Basic_uni ... all_script

I am constantly having dropped packets, from different IP addresses, showing up in my logg.

Did i misconfigure something, or is it normal to have so many dropped packets?

Here are my loggs:
Jan/08/2014 22:46:13 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 210.92.80.169:1098->"my WAN IP XXX ":445, len 48
Jan/08/2014 22:46:16 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 210.92.80.169:1098->"my WAN IP XXX ":445, len 48
Jan/08/2014 22:51:13 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 22:53:31 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 80.82.79.30:44325->"my WAN IP XXX ":21320, len 40
Jan/08/2014 22:53:31 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 80.82.79.30:44325->"my WAN IP XXX ":21320, len 40
Jan/08/2014 22:53:31 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 80.82.79.30:44325->"my WAN IP XXX ":21320, len 40
Jan/08/2014 22:53:32 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 80.82.79.30:44325->"my WAN IP XXX ":21320, len 40
Jan/08/2014 22:53:34 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 80.82.79.30:44325->"my WAN IP XXX ":21320, len 40
Jan/08/2014 22:53:38 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 80.82.79.30:44325->"my WAN IP XXX ":21320, len 40
Jan/08/2014 22:53:46 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 80.82.79.30:44325->"my WAN IP XXX ":21320, len 40
Jan/08/2014 22:54:01 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 80.82.79.30:44325->"my WAN IP XXX ":21320, len 40
Jan/08/2014 22:54:30 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 80.82.79.30:44325->"my WAN IP XXX ":21320, len 40
Jan/08/2014 22:55:30 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 80.82.79.30:44325->"my WAN IP XXX ":21320, len 40
Jan/08/2014 22:56:13 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 22:59:00 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 206.79.196.251:52341->"my WAN IP XXX ":3389, len 44
Jan/08/2014 22:59:00 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 206.79.196.251:52341->"my WAN IP XXX ":3389, len 44
Jan/08/2014 22:59:01 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 206.79.196.251:52341->"my WAN IP XXX ":3389, len 44
Jan/08/2014 22:59:02 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 206.79.196.251:52341->"my WAN IP XXX ":3389, len 44
Jan/08/2014 22:59:06 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 206.79.196.251:52341->"my WAN IP XXX ":3389, len 41
Jan/08/2014 22:59:28 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 190.94.12.168:1252->"my WAN IP XXX ":445, len 48
Jan/08/2014 22:59:29 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 190.94.12.168:1252->"my WAN IP XXX ":445, len 48
Jan/08/2014 23:01:12 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:06:12 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:06:53 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 187.112.207.25:2641->"my WAN IP XXX ":445, len 48
Jan/08/2014 23:06:55 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 187.112.207.25:2641->"my WAN IP XXX ":445, len 48
Jan/08/2014 23:07:29 system,info,account user xxx logged in from "support IP" via winbox
Jan/08/2014 23:08:17 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 1.93.37.141:58457->"my WAN IP XXX ":22, len 44
Jan/08/2014 23:08:18 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 1.93.37.141:58458->"my WAN IP XXX ":22, len 44
Jan/08/2014 23:09:45 system,info,account user xxx logged out from "support IP" via winbox
Jan/08/2014 23:11:13 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:16:15 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:21:15 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:26:12 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:27:50 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK), 116.212.237.42:58370->"my WAN IP XXX ":5900, len 40
Jan/08/2014 23:27:53 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK,FIN), 116.212.237.42:58370->"my WAN IP XXX ":5900, len 40
Jan/08/2014 23:27:54 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK,FIN), 116.212.237.42:58370->"my WAN IP XXX ":5900, len 40
Jan/08/2014 23:27:57 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK,FIN), 116.212.237.42:58370->"my WAN IP XXX ":5900, len 40
Jan/08/2014 23:28:02 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK,FIN), 116.212.237.42:58370->"my WAN IP XXX ":5900, len 40
Jan/08/2014 23:28:12 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK,FIN), 116.212.237.42:58370->"my WAN IP XXX ":5900, len 40
Jan/08/2014 23:28:31 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (ACK,RST), 116.212.237.42:58370->"my WAN IP XXX ":5900, len 40
Jan/08/2014 23:28:54 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 84.201.238.107:59721->"my WAN IP XXX ":5900, len 60
Jan/08/2014 23:28:55 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 84.201.238.107:59721->"my WAN IP XXX ":5900, len 60
Jan/08/2014 23:29:21 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:37696->"my WAN IP XXX ":21320, len 44
Jan/08/2014 23:29:21 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:37696->"my WAN IP XXX ":21320, len 44
Jan/08/2014 23:29:22 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:37696->"my WAN IP XXX ":21320, len 44
Jan/08/2014 23:29:23 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:37696->"my WAN IP XXX ":21320, len 44
Jan/08/2014 23:31:12 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:34:40 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 91.208.16.3:4723->"my WAN IP XXX ":5900, len 48
Jan/08/2014 23:34:42 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 91.208.16.3:4723->"my WAN IP XXX ":5900, len 48
Jan/08/2014 23:36:12 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:36:40 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 81.142.92.61:64593->"my WAN IP XXX ":5800, len 44
Jan/08/2014 23:36:41 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 81.142.92.61:64593->"my WAN IP XXX ":5800, len 44
Jan/08/2014 23:36:42 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 81.142.92.61:64593->"my WAN IP XXX ":5800, len 44
Jan/08/2014 23:36:43 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 81.142.92.61:64593->"my WAN IP XXX ":5800, len 44
Jan/08/2014 23:37:01 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 89.35.206.43:2540->"my WAN IP XXX ":445, len 48
Jan/08/2014 23:37:03 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 89.35.206.43:2540->"my WAN IP XXX ":445, len 48
Jan/08/2014 23:41:22 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:41:25 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 189.71.148.14:2912->"my WAN IP XXX ":445, len 48
Jan/08/2014 23:41:28 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 189.71.148.14:2912->"my WAN IP XXX ":445, len 48
Jan/08/2014 23:46:10 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 194.106.140.5:61071->"my WAN IP XXX ":5904, len 44
Jan/08/2014 23:46:10 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 194.106.140.5:61071->"my WAN IP XXX ":5904, len 44
Jan/08/2014 23:46:11 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 194.106.140.5:61071->"my WAN IP XXX ":5904, len 44
Jan/08/2014 23:46:12 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 194.106.140.5:61071->"my WAN IP XXX ":5904, len 44
Jan/08/2014 23:46:22 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:47:55 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto UDP, 211.81.31.54:4335->"my WAN IP XXX ":1434, len 404
Jan/08/2014 23:51:17 info fetch: file "dyndns.checkip.html" created
Jan/08/2014 23:56:12 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:01:13 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:01:15 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:48228->"my WAN IP XXX ":21320, len 44
Jan/09/2014 00:01:16 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:48228->"my WAN IP XXX ":21320, len 44
Jan/09/2014 00:01:17 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:48228->"my WAN IP XXX ":21320, len 44
Jan/09/2014 00:01:18 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:48228->"my WAN IP XXX ":21320, len 44
Jan/09/2014 00:04:30 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 195.178.109.14:55082->"my WAN IP XXX ":5900, len 60
Jan/09/2014 00:04:30 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 195.178.109.14:55082->"my WAN IP XXX ":5900, len 60
Jan/09/2014 00:06:15 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:11:13 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:14:46 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 216.127.161.29:1388->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:14:48 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 216.127.161.29:1388->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:16:12 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:16:44 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 86.7.134.69:46446->"my WAN IP XXX ":43182, len 60
Jan/09/2014 00:16:46 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 86.7.134.69:46446->"my WAN IP XXX ":43182, len 60
Jan/09/2014 00:16:54 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 86.7.134.69:46446->"my WAN IP XXX ":43182, len 60
Jan/09/2014 00:17:24 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 122.3.238.52:4191->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:17:26 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 122.3.238.52:4191->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:21:12 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:26:12 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:31:13 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:31:45 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:59162->"my WAN IP XXX ":21320, len 44
Jan/09/2014 00:31:45 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:59162->"my WAN IP XXX ":21320, len 44
Jan/09/2014 00:31:46 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:59162->"my WAN IP XXX ":21320, len 44
Jan/09/2014 00:31:47 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:59162->"my WAN IP XXX ":21320, len 44
Jan/09/2014 00:33:33 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto UDP, 5.135.146.0:54544->"my WAN IP XXX ":19, len 29
Jan/09/2014 00:36:12 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:36:45 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 41.129.178.78:53534->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:36:47 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 41.129.178.78:53534->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:40:17 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 190.73.101.7:3269->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:40:19 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 190.73.101.7:3269->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:41:13 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:45:29 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 84.201.238.107:41482->"my WAN IP XXX ":5900, len 44
Jan/09/2014 00:45:30 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 84.201.238.107:41482->"my WAN IP XXX ":5900, len 44
Jan/09/2014 00:45:31 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 84.201.238.107:41482->"my WAN IP XXX ":5900, len 44
Jan/09/2014 00:45:32 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 84.201.238.107:41482->"my WAN IP XXX ":5900, len 44
Jan/09/2014 00:46:22 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 00:47:00 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 93.174.93.67:58533->"my WAN IP XXX ":21320, len 40
Jan/09/2014 00:51:21 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 161.139.18.199:2706->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:51:24 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 161.139.18.199:2706->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:55:31 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 179.13.169.52:2609->"my WAN IP XXX ":445, len 48
Jan/09/2014 00:56:41 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 216.70.252.116:3725->"my WAN IP XXX ":445, len 52
Jan/09/2014 00:56:44 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 216.70.252.116:3725->"my WAN IP XXX ":445, len 52
Jan/09/2014 01:01:05 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 31.3.251.74:51488->"my WAN IP XXX ":3389, len 52
Jan/09/2014 01:01:07 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 31.3.251.74:51488->"my WAN IP XXX ":3389, len 52
Jan/09/2014 01:01:13 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 31.3.251.74:51488->"my WAN IP XXX ":3389, len 48
Jan/09/2014 01:01:28 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 38.67.131.26:2614->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:01:30 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 38.67.131.26:2614->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:02:58 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 217.19.147.51:2813->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:03:00 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 217.19.147.51:2813->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:06:12 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:08:25 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 207.244.64.117:51015->"my WAN IP XXX ":5900, len 52
Jan/09/2014 01:08:27 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 207.244.64.117:51015->"my WAN IP XXX ":5900, len 52
Jan/09/2014 01:11:13 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:13:03 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 110.80.46.138:3053->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:13:04 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 110.80.46.138:3053->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:15:25 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 81.142.92.61:62013->"my WAN IP XXX ":5800, len 52
Jan/09/2014 01:16:03 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 72.36.46.5:4264->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:16:05 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 72.36.46.5:4264->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:16:13 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:18:58 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto UDP, 106.158.81.73:49325->"my WAN IP XXX ":11426, len 48
Jan/09/2014 01:19:40 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 201.242.46.203:1805->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:19:42 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 201.242.46.203:1805->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:21:12 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:25:02 system,info,account user xxx logged in from "support IP" via winbox
Jan/09/2014 01:26:20 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:26:23 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 195.178.109.14:42079->"my WAN IP XXX ":5900, len 60
Jan/09/2014 01:26:24 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 195.178.109.14:42079->"my WAN IP XXX ":5900, len 60
Jan/09/2014 01:29:15 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 46.26.212.43:4377->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:29:18 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 46.26.212.43:4377->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:29:24 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 46.26.212.43:4377->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:31:11 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:36:11 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:38:19 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 85.10.199.154:53491->"my WAN IP XXX ":32764, len 40
Jan/09/2014 01:38:57 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 194.106.140.5:49957->"my WAN IP XXX ":5904, len 44
Jan/09/2014 01:38:58 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 194.106.140.5:49957->"my WAN IP XXX ":5904, len 44
Jan/09/2014 01:38:59 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 194.106.140.5:49957->"my WAN IP XXX ":5904, len 44
Jan/09/2014 01:39:00 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 194.106.140.5:49957->"my WAN IP XXX ":5904, len 44
Jan/09/2014 01:41:11 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:46:11 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:51:11 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:52:56 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 116.212.237.42:50118->"my WAN IP XXX ":5900, len 44
Jan/09/2014 01:52:57 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 116.212.237.42:50118->"my WAN IP XXX ":5900, len 44
Jan/09/2014 01:52:58 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 116.212.237.42:50118->"my WAN IP XXX ":5900, len 44
Jan/09/2014 01:52:59 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 116.212.237.42:50118->"my WAN IP XXX ":5900, len 44
Jan/09/2014 01:54:55 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto UDP, 85.25.199.95:5165->"my WAN IP XXX ":5060, len 439
Jan/09/2014 01:56:11 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 01:58:20 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 219.242.30.59:4035->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:58:23 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 219.242.30.59:4035->"my WAN IP XXX ":445, len 48
Jan/09/2014 01:59:35 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:53443->"my WAN IP XXX ":21320, len 44
Jan/09/2014 01:59:36 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:53443->"my WAN IP XXX ":21320, len 44
Jan/09/2014 01:59:37 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:53443->"my WAN IP XXX ":21320, len 44
Jan/09/2014 01:59:38 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 80.82.79.30:53443->"my WAN IP XXX ":21320, len 44
Jan/09/2014 02:00:01 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 89.23.105.56:2702->"my WAN IP XXX ":445, len 48
Jan/09/2014 02:00:04 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 89.23.105.56:2702->"my WAN IP XXX ":445, len 48
Jan/09/2014 02:01:11 info fetch: file "dyndns.checkip.html" created
Jan/09/2014 02:02:15 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 84.201.238.107:51473->"my WAN IP XXX ":5900, len 60
Jan/09/2014 02:02:16 firewall,info DROP INPUT input: in:"3G DONGLE- WAN" out:(none), proto TCP (SYN), 84.201.238.107:51473->"my WAN IP XXX ":5900, len 60


Thank you for help

Re: Firewall setup problem

Posted: Thu Jan 09, 2014 4:26 am
by scampbell
That is pretty normal. These are attempts by outside hosts trying to connect to common ports on your router such as RDP (3389) etc.

Disable logging for the Input rule if you want to stop seeing these entries. You can always enable the logging again for diagnostics if necessary.

Re: Firewall setup problem

Posted: Thu Jan 09, 2014 11:36 am
by imaljko4
That is pretty normal. These are attempts by outside hosts trying to connect to common ports on your router such as RDP (3389) etc.

Disable logging for the Input rule if you want to stop seeing these entries. You can always enable the logging again for diagnostics if necessary.
ok. so i can be sure that this is not some kind of service that is blocked and that i would need to enable?

I am a bit suspicious because there are so many logs happening every few minutes. So , its normal that the these outside attempts (outside hosts trying to connect) happen so often?


THanks

Re: Firewall setup problem

Posted: Thu Jan 09, 2014 4:55 pm
by falestiny
thats normal and you do not need to worry about as its all dropped connection.

Re: Firewall setup problem

Posted: Thu Jan 09, 2014 10:11 pm
by imaljko4
Thank you