I have a TRB140 configured to allow access to a private LAN via VPN which has been working fine for about 2 years. Remote access via SSH or to the web GUI is disabled - you have to access it via a host on the local LAN.

Recently, however, it suddenly seems to have started allowing remote access, resulting in a vast amount of traffic from bots trying to log in. This has filled up the logs and damaged the performance - as well as, of course, being a security hazard. The poor performance looks as if it has also led to SMS messages no longer being received.

Firmware is version TRB1_R_00.02.03.2

Any suggestions as to how to solve the problem? Maybe a factory reset and reconfigure from scratch?

1 Answer


Hello,

From an SSH or CLI console:

iptables -A INPUT -i br-lan -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP 

should be enough to get rid of unwanted SSH connection attempts from the outside world while still allowing LAN access. Put the rules in Firewall -> custom rules if this solves your issue. Why this happened now is another question, however.

Regards,

by
Following the comments from flebourse, I investigated the iptables setup on the modem, which showed that all the settings from the filter table were lost. However, the nat and mangle tables were not affected, which is why I was not immediately aware of the problem. The solution was to do a factory reset and rebuild the setup from scratch.

The suggested solution wasn't going to solve the problem as there was all sorts of malicious traffic coming in from the WAN side. It is quite unclear how the iptables data were deleted.

Anyway, thanks very much to flebourse, as it made me learn something about iptables.
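
The condition found in this thread (filter table emptied while nat and mangle stayed populated) can be checked from an `iptables-save` dump. The script below is an added example, not posted by anyone in the thread; it flags only the wiped-table case, and the interface name `wwan0` and both sample dumps are constructed for illustration.

```shell
# Reads `iptables-save` text on stdin and prints a rule count per table.
# Returns 1 if the filter table is absent or INPUT is ACCEPT with no rules.
audit_ruleset() {
    awk '
        /^\*/      { table = substr($0, 2); seen[table] = 1; order[++n] = table; next }
        /^:INPUT / { if (table == "filter") policy = $2; next }
        /^-A /     { rules[table]++; if (table == "filter" && $2 == "INPUT") input++ }
        END {
            for (i = 1; i <= n; i++) printf "%s rules=%d\n", order[i], rules[order[i]]
            if (!seen["filter"]) { print "ALERT filter table missing"; exit 1 }
            if (policy == "ACCEPT" && input == 0) { print "ALERT INPUT is ACCEPT with no rules"; exit 1 }
            print "OK filter INPUT has " input + 0 " rule(s), policy " policy
        }'
}

# Constructed dump: nat and mangle intact, filter emptied (the state described above).
sample_broken() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wwan0 -j MASQUERADE
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed dump: filter table holding the two SSH rules from the answer.
sample_healthy() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i br-lan -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
EOF
}

# Demo on the constructed dump; on a device run: iptables-save | audit_ruleset
sample_broken | audit_ruleset || true
```

Run periodically (for example from cron) and alert on a non-zero exit status, so that a lost filter table is noticed before the logs fill with login attempts.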