Hello - I have a DS415+ - latest - DSM 6.2.4-25556 - everything up to date.
I've been getting login attempts on my mail (plus) server. They appear to be coming from Bulgaria according to WHOIS 5.188.206.xxx - a traceroute leaves me hanging somewhere around Amsterdam.
My Configuration:
* enabled the firewall, allowed local private IPs and my static IPs (.248) from the ISP.
* created a rule to allow Germany to mail server since I use a mail server there for notifications, etc.
* created a rule to allow the United States and Minor Outlying access to several services (mail, dns, calendar, VPN, etc.)
* Finally, I've created a rule to deny all ports, all protocols to all IPs
* created a rule to deny all on the 1st LAN (my public facing interface) should anything get past the All Interfaces settings.
LAN1 - DENY if no rules match.
My firewall rules are NOT stopping the login attempts. I do have Auto-Block enabled, so after a couple of tries they have to get another IP address. This hacker apparently has the entire Class C to use, as they continue to try new IP addresses to get in.
What could be the problem with my configuration?
Thank you for your help!
ulyly