I have a Balance One with firmware 7.1.2 and one WAN interface enabled. The WAN1 interface is in NAT / DHCP mode. No NAT mappings are defined.
There’s one port forwarding rule enabled on the WAN1 interface to an internal NAS (LAN address).
With the default inbound firewall rule of “allow all” everything works (as expected).
If I add a deny inbound firewall rule above the default rule like this:
protocol: TCP
source IP: any
source port: any
destination IP: internal LAN IP of the NAS
destination port: NAS port
I get a lot of deny logs in the event log, but I can still connect from the Internet to my NAS!
CONN=WAN1 MAC=XXXXX SRC=213.233.108.169 DST=10.X.X.X LEN=64 TOS=0x00 PREC=0x40 TTL=53 ID=0 DF PROTO=TCP SPT=19486 DPT=5001 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0xd
I even changed the default inbound rule from allow all to deny all and I can still connect!
This is the port forwarding configuration:
This is the firewall configuration:
Why is this behaving like this? Wasn’t the firewall supposed to block the external access if deny all is configured?
Thank you all for your support!
Mihnea