DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Country Object Blocking - Not Working?
- gtpc_ltd
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 51
- Thank you received: 0
22 Jan 2021 15:24 #98262
by gtpc_ltd
Country Object Blocking - Not Working? was created by gtpc_ltd
Hi,
We have a single Country Object setup for the United Kingdom, and a firewall rule Wan -> Lan Source UK, Pass, next a block everything else.
In the syslog we are seeing the obvious Blocks:
[FILTER][Block][WAN->LAN/RT/VPN, 286:40:44 ][@S:R=2:4, 79.124.62.110:40414->192.168.54.29:11868][TCP][HLen=20, TLen=44, Flag=S, Seq=873819315, Ack=0, Win=1024]
But also PASS:
[FILTER][Pass][WAN->LAN/RT/VPN, 286:40:35 ][@S:R=2:3, 52.114.88.57:443->192.168.54.46:53436][TCP][HLen=20, TLen=373, Flag=AP, Seq=405853158, Ack=2578146627, Win=64948]
52.114.88.57 - is the USA, so why is it being let through?
Is it the Draytek country lookup not working correctly (they don't seem to have a Geo Check IP anywhere), or something else?
Simon.
We have a single Country Object setup for the United Kingdom, and a firewall rule Wan -> Lan Source UK, Pass, next a block everything else.
In the syslog we are seeing the obvious Blocks:
[FILTER][Block][WAN->LAN/RT/VPN, 286:40:44 ][@S:R=2:4, 79.124.62.110:40414->192.168.54.29:11868][TCP][HLen=20, TLen=44, Flag=S, Seq=873819315, Ack=0, Win=1024]
But also PASS:
[FILTER][Pass][WAN->LAN/RT/VPN, 286:40:35 ][@S:R=2:3, 52.114.88.57:443->192.168.54.46:53436][TCP][HLen=20, TLen=373, Flag=AP, Seq=405853158, Ack=2578146627, Win=64948]
52.114.88.57 - is the USA, so why is it being let through?
Is it the Draytek country lookup not working correctly (they don't seem to have a Geo Check IP anywhere), or something else?
Simon.
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
22 Jan 2021 18:02 #98266
by hornbyp
Replied by hornbyp on topic Re: Country Object Blocking - Not Working?
Please Log in or Create an account to join the conversation.
- gtpc_ltd
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 51
- Thank you received: 0
22 Jan 2021 18:10 #98267
by gtpc_ltd
Replied by gtpc_ltd on topic Re: Country Object Blocking - Not Working?
[FILTER][Pass][WAN->LAN/RT/VPN, 289:29:42 ][@S:R=2:3, 84.17.55.133:65082->192.168.54.29:5060][UDP][HLen=20, TLen=381]
Poland?
Poland?
Please Log in or Create an account to join the conversation.
- adrianh54
- Offline
- Member
Less
More
- Posts: 428
- Thank you received: 0
23 Jan 2021 17:53 #98276
by adrianh54
No, what you are seeing is a UK CDN service that is hosting content from a Polish site.
https://www.abuseipdb.com/check/84.17.55.133
Replied by adrianh54 on topic Re: Country Object Blocking - Not Working?
gtpc_ltd wrote:
[FILTER][Pass][WAN->LAN/RT/VPN, 289:29:42 ][@S:R=2:3, 84.17.55.133:65082->192.168.54.29:5060][UDP][HLen=20, TLen=381]
Poland?
No, what you are seeing is a UK CDN service that is hosting content from a Polish site.
ISP DataCamp Limited
Usage Type Data Center/Web Hosting/Transit
Hostname(s) unn-84-17-55-133.cdn77.com
Domain Name datacamp.co.uk
Country Poland
City Warsaw, Mazowieckie
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek