
Port forward was dropped?

7up
Community Veteran
Posts: 15,858
Thanks: 1,603
Fixes: 18
Registered: ‎01-08-2007

Port forward was dropped?

I connect into my PC from my phone via VPN.

In the Hub2 router, I have ports 1701 and 1723 set for the L2TP protocol which Windows uses for VPN.

 

Today (and I thought I was imagining it a few days ago) I've been unable to connect.

Logged into the router when we got home to find that 1723 had vanished.

Why?

I'm also seeing devices that have connected to the router and had throughput - some in the GBs. I don't recognise any of them (but helpfully the hub doesn't display the last connection time - not that I can see anyway).

I need a new signature... I'm bored of the old one!
Champnet
Aspiring Hero
Posts: 2,905
Thanks: 1,089
Fixes: 15
Registered: ‎25-07-2007

Re: Port forward was dropped?

Immediately change the router's password.

Dan_the_Van
Hero
Posts: 3,155
Thanks: 1,573
Fixes: 90
Registered: ‎25-06-2007

Re: Port forward was dropped?

@7up 

For the Hub two you have to use admin to remove port forward rules; the event log does record when and the IP address of an admin user.

08:07:55, 23 Dec. admin login success from 192.168.10.100
 
Look at connected devices: is the device name unknown_<MAC Address>? Could it be a device with a randomised MAC address?
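
One way to pull the admin logins out of an exported event log and list the source addresses you don't recognise, so they can be compared with the time the 1723 rule vanished. This is an added example, not part of the thread: the line pattern is taken from the single log line quoted above, and the function names, the second address and the filler line are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Pattern derived from the one line quoted in the thread:
#   08:07:55, 23 Dec. admin login success from 192.168.10.100
LOGIN_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}), (?P<date>\d{1,2} [A-Za-z]{3})\.?\s+"
    r"admin login success from (?P<ip>\S+)\s*$"
)

def admin_logins(lines):
    """Yield (date, time, ip) for every admin login success line."""
    for line in lines:
        m = LOGIN_RE.match(line.strip())
        if not m:
            continue  # any other event type
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # address field is not a valid IP, skip the line
        yield m["date"], m["time"], ip

def review(lines, known_admin_ips):
    """Group logins by source address and mark the ones you don't recognise."""
    known = {ipaddress.ip_address(a) for a in known_admin_ips}
    by_ip = defaultdict(list)
    for date, time, ip in admin_logins(lines):
        by_ip[ip].append(f"{date} {time}")
    return {
        str(ip): {"when": when, "known": ip in known, "lan": ip.is_private}
        for ip, when in by_ip.items()
    }

# Constructed sample: only the first line appears in the thread.
SAMPLE = """\
08:07:55, 23 Dec. admin login success from 192.168.10.100
03:12:40, 24 Dec. admin login success from 192.168.10.137
03:13:02, 24 Dec. (constructed line standing in for any other event)
21:45:10, 24 Dec. admin login success from 192.168.10.100
""".splitlines()

if __name__ == "__main__":
    for ip, info in review(SAMPLE, known_admin_ips=["192.168.10.100"]).items():
        flag = "ok" if info["known"] else "UNRECOGNISED"
        print(f"{ip:16} {flag:13} lan={info['lan']} {', '.join(info['when'])}")
```

An unrecognised address that is still on the LAN range points at a device inside the network (wired or WiFi) rather than a login from the internet side.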
7up
Community Veteran
Posts: 15,858
Thanks: 1,603
Fixes: 18
Registered: ‎01-08-2007

Re: Port forward was dropped?

There are indeed a few unknowns in there... trouble is I also have a couple of DHCP test clients that I've used in the past so it may well be those, as one definitely generates random MAC addresses. The Hub2 also doesn't tell you how long it keeps the data for either, which is a pain. Don't get me wrong, for a little device in a plastic box with no cooling fans making noise, it's an amazing gizmo and the web interface is better than previous offerings but there's always room for more features.

 

Had a quick look in the log, I can see plenty of external connections from various IPs trying to connect to my PC's VPN but at 3am when it's turned off, they've been unsuccessful. If there has been any malicious bypassing of the router via WiFi, I have two neighbouring houses as suspects and of those, I'd put my money on one having the motive, the other having the actual intelligence and capability. Unfortunately both get on rather well.

I need to export the log and have a proper look through it - the router's web interface is a tad limiting...

I need a new signature... I'm bored of the old one!
Dan_the_Van
Hero
Posts: 3,155
Thanks: 1,573
Fixes: 90
Registered: ‎25-06-2007

Re: Port forward was dropped?

I use Notepad++ to view the event log as I find it better than Excel, as the columns are for me not easy to define.

If you want a second opinion I am happy to plough through the event log; attach it to a PM if you want to restrict its audience.

I'm also getting many DoS port scanning and spoofing messages through the day, which is a pain as the event log just fills up with those messages; currently the FWRL log only goes back to 11 December.

For my VPN connection I use WireGuard built on a headless Raspberry Pi 2 Model B; I have also used a virtual system.

The advantage for me of using WireGuard or OpenVPN is that you can define your own port rather than use the default ones, which are targeted by those who you'd rather went away.