Announcement

Collapse

Contacting HomeSeer This Week

HomeSeer is open and operational this week. All orders are being processed and shipped as usual. However, some staff are working from home. If you need to contact HomeSeer for support or customer service, please use our Email or Chat options. https://homeseer.com/contact-us/
See more
See less

Incoming messages with a DMZ host

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Incoming messages with a DMZ host

    I think I'm suffering paranoia now... j/k Just playing with build 11, and so far so good. Added my host that's in a DMZ but firewalled, and see a lot of incoming connections to that host. However the Destination lists as "P", and the ports it lists I know are closed. Are these just incoming connection attempts and not actual connections?

    Just curious,

    -Mike

  • #2
    P means that it was an incoming logs and that it passed (which means that the router allowed it thru).

    Maybe it is not working perfectly yet.

    I will take a look at the log snippet you sent me yesterday. What IP address are you seeing this with?
    Cheers,
    Bob
    Web site | Help Desk | Feature Requests | Message Board

    Comment


    • #3
      I was just looking at the log snippet you sent me.

      In these logs, what is IP address of 192.168.0.255:

      <12> kernel: ACCEPT IN=br0 OUT= PHYSIN=vlan0 PHYSOUT=eth1 MAC=ff:ff:ff:ff:ff:ff:00:20:a6:00:00:00:08:00 SRC=192.168.0.7 DST=192.168.0.255 LEN=102 TOS=0x00 PREC=0x00 TTL=64 ID=28199 PROTO=UDP SPT=1732 DPT=1732 LEN=82


      I see a lot of these in your log file.

      I am pretty sure that the plugin is thinking that since the destination ip address of (192.168.0.255) starts with the local subnet of 192.168, the plugin thinks that router forwarded the traffic to this ip so it marks is as PASSED (P).

      I am noticing that the source is also a local machine as well, so I think if I add another condition in the plugin where if the local and destination are both from the local subnet, then the log can be considered LOCAL (L), instead of passed. Is this true?

      Would these logs be considered local (moving between PCs inside your lan and not go out to the net at all)?

      If this is the case, I can make that fix and post a new build for you to try. You say that you are using a Linksys WRT54G V2. Mine is the same router as yours.

      Let me know if I am correct and I can make the change.
      Cheers,
      Bob
      Web site | Help Desk | Feature Requests | Message Board

      Comment


      • #4
        I just looked at the code and I am already checking this condition and setting to LOCAL (L).

        Can you send me your Settings.ini file from Homeseer? I want to check something.

        TIA
        Cheers,
        Bob
        Web site | Help Desk | Feature Requests | Message Board

        Comment


        • #5
          Actually the passing may make sense and be correct now that I know was P is. Since that PC, 192.168.0.3, is in the DMZ, the firewall WILL pass every request that's not forwarded elsewhere to it. However I think just because it passes it, doesn't mean it's an actual connection.

          I'll PM you the ini file.

          Thanks,

          -Mike

          Comment


          • #6
            Originally posted by mloebl
            Actually the passing may make sense and be correct now that I know was P is. Since that PC, 192.168.0.3, is in the DMZ, the firewall WILL pass every request that's not forwarded elsewhere to it. However I think just because it passes it, doesn't mean it's an actual connection.

            I'll PM you the ini file.

            Thanks,

            -Mike
            Every router's parser is different so I can change the parser for the WRT54G and not affect others using a different router.

            If you notice the word ACCEPT in the router log, this indicates that the router accepted the transaction, otherwise the word DROP would appear.

            What is IP address 192.168.0.255?
            Cheers,
            Bob
            Web site | Help Desk | Feature Requests | Message Board

            Comment


            • #7
              Originally posted by Blade
              Every router's parser is different so I can change the parser for the WRT54G and not affect others using a different router.

              If you notice the word ACCEPT in the router log, this indicates that the router accepted the transaction, otherwise the word DROP would appear.

              What is IP address 192.168.0.255?
              I believe .255 is the broadcast for the 192.168.0.0 subnet and not a physical address.

              -Mike

              Comment

              Working...
              X