Is it possible to log rejected incoming connection attempts

Michael234 · November 14, 2018, 8:41am

Is it possible to log unsolicited incoming connection attempts that the router firewall has blocked?

Under the Advanced tab (firmware v7.1) I have set a number of Inbound Firewall rules similar to this one for Telnet.

Others I set were for port 3389 RDP, port 5900 VNC, port 2323 Mirai botnet and port 443 TLS. None of them have generated an entry in the Event Log and the rules have been active for a very long time. The router, a Surf SOHO is connected to a modem and then directly to the Internet.

TK_Liew · November 14, 2018, 9:05pm

This is possible.

Enable NAT Mapping

You can do NAT Mapping to one of the device in LAN. This allows all incoming connection to the device.

Add this firewall rule with Event Logging enabled

Hope this helps.

Michael234 · November 17, 2018, 3:43pm

Thanks but I am not familiar with NAT mapping. What is least intrusive or invasive option for NAT mapping? Can it be enabled for a single IP address that is not used by any device?

TK_Liew · November 18, 2018, 9:28pm

NAT Mapping will do one to one IP natting (inbound and outbound). You should apply firewall rule to guard the LAN host after NAT Mapping is enabled. You could do the NAT mapping to a dummy LAN host to achieve your requirement.

Please take note, this is recommended for traffic analysis purpose only.