Cablemodem (SBG6580) firewall denying some outbound traffic? Why? Not configured
I finally got around to turning the syslog on for my cablemodem (Motorola Surfboard SBG6580) and I'm seeing about the expected amount of inbound attackage being blocked...
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 17.172.232.109,5223 --> 66.27.xx.xx,53814 DENY:Firewall interface access request
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,53385 DENY: Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,59960 DENY: Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
...and that's great. (Sad, but great.)
But I'm also seeing a HUGE amount of what appears to be denied outbound connectivity:
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
...and
- Spot checking suggests that it's all legitimate traffic (Opening connections to CrashPlan, etc.),
- I have no restrictions configured in the modem; I don't see why it should be blocking anything.
Am I misreading the log entry, and it's not actually being denied? (Seems unlikely.) Is the ISP (TWC) pushing deny tables that are not exposed in the UI? (Tinfoil hat too tight.)
I'm confused. (The good news, such as it is, is that AFAIK I'm not experiencing any actual issues... but maybe I am; tough to tell.)
Thanks.
networking firewall router syslog
asked May 31 '14 at 19:20
lairdblairdb
111
migrated from serverfault.com May 31 '14 at 19:24
This question came from our site for system and network administrators.
add a comment |
I finally got around to turning the syslog on for my cablemodem (Motorola Surfboard SBG6580) and I'm seeing about the expected amount of inbound attackage being blocked...
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 17.172.232.109,5223 --> 66.27.xx.xx,53814 DENY:Firewall interface access request
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,53385 DENY: Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,59960 DENY: Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
...and that's great. (Sad, but great.)
But I'm also seeing a HUGE amount of what appears to be denied outbound connectivity:
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
...and
- Spot checking suggests that it's all legitimate traffic (Opening connections to CrashPlan, etc.),
- I have no restrictions configured in the modem; I don't see why it should be blocking anything.
Am I misreading the log entry, and it's not actually being denied? (Seems unlikely.) Is the ISP (TWC) pushing deny tables that are not exposed in the UI? (Tinfoil hat too tight.)
I'm confused. (The good news, such as it is, is that AFAIK I'm not experiencing any actual issues... but maybe I am; tough to tell.)
Thanks.
networking firewall router syslog
asked May 31 '14 at 19:20
lairdblairdb
111
migrated from serverfault.com May 31 '14 at 19:24
This question came from our site for system and network administrators.
add a comment |
I finally got around to turning the syslog on for my cablemodem (Motorola Surfboard SBG6580) and I'm seeing about the expected amount of inbound attackage being blocked...
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 17.172.232.109,5223 --> 66.27.xx.xx,53814 DENY:Firewall interface access request
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,53385 DENY: Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,59960 DENY: Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
...and that's great. (Sad, but great.)
But I'm also seeing a HUGE amount of what appears to be denied outbound connectivity:
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
...and
- Spot checking suggests that it's all legitimate traffic (Opening connections to CrashPlan, etc.),
- I have no restrictions configured in the modem; I don't see why it should be blocking anything.
Am I misreading the log entry, and it's not actually being denied? (Seems unlikely.) Is the ISP (TWC) pushing deny tables that are not exposed in the UI? (Tinfoil hat too tight.)
I'm confused. (The good news, such as it is, is that AFAIK I'm not experiencing any actual issues... but maybe I am; tough to tell.)
Thanks.
networking firewall router syslog
asked May 31 '14 at 19:20
lairdblairdb
111
I finally got around to turning the syslog on for my cablemodem (Motorola Surfboard SBG6580) and I'm seeing about the expected amount of inbound attackage being blocked...
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 17.172.232.109,5223 --> 66.27.xx.xx,53814 DENY:Firewall interface access request
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,53385 DENY: Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,59960 DENY: Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
...and that's great. (Sad, but great.)
But I'm also seeing a HUGE amount of what appears to be denied outbound connectivity:
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
...and
- Spot checking suggests that it's all legitimate traffic (Opening connections to CrashPlan, etc.),
- I have no restrictions configured in the modem; I don't see why it should be blocking anything.
Am I misreading the log entry, and it's not actually being denied? (Seems unlikely.) Is the ISP (TWC) pushing deny tables that are not exposed in the UI? (Tinfoil hat too tight.)
I'm confused. (The good news, such as it is, is that AFAIK I'm not experiencing any actual issues... but maybe I am; tough to tell.)
Thanks.
networking firewall router syslog
networking firewall router syslog
asked May 31 '14 at 19:20
lairdblairdb
111
asked May 31 '14 at 19:20
lairdblairdb
111
asked May 31 '14 at 19:20
lairdblairdb
111
asked May 31 '14 at 19:20
lairdblairdb
111
asked May 31 '14 at 19:20
lairdblairdb
111
111
migrated from serverfault.com May 31 '14 at 19:24
This question came from our site for system and network administrators.
migrated from serverfault.com May 31 '14 at 19:24
This question came from our site for system and network administrators.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I googled about motorola modem firewall.. Try to configure or disable the firewall.
If it does NAPT then should still have NAPT there as a protection. If not then if you have another NAPT device you'll have NAPT as protection! (with your OS software firewall and if you have another hardware firewall then you'll have that)
Those inbound attacks would be blocked at that device, by NAPT anyway even without a firewall. (where there's no port forwarding on the ports they attack)
There is a user guide for your device here
http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf
Perhaps also see if you can telnet or ssh to it and use iptables and configure it that way. one person here mentions iptables and a similar model number device (apparently comcast is apparently ISP that bought motorola modems and use them and this link mentions iptables in the context of an SB6141, though it's not clear from that whether it does use it)
http://forums.comcast.com/t5/Basic-Internet-Connectivity-And/Motorola-SB6141-Not-Receiving-New-Configuration-Boot-File/td-p/1818941
If it does use iptables then run the command iptables -L and see if you see any rules there that might be a culprit.
Further, this post
http://community.callofduty.com/thread/100463756
"Under the firewall settings, by default the only thing checked was IP flood detection and firewall protection. I unchecked both."
You could experiment with checking one and not the other.
It is accessed by local ip of 192.168.0.1 and does DHCP, and even has a firewall, so i'm confidently assuming that if you do ipconfig it'll show you gateway of 192.168.0.1 or whatever the local ip is, so clearly does NAT. So disabling the firewall should be ok. That link above concurs.
http://portforward.com/english/routers/firewalling/Motorola/SBG6580/defaultguide.htm
answered May 31 '14 at 19:35
barlopbarlop
15.7k2590150
It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)
– lairdb
May 31 '14 at 21:46
@lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)
– barlop
May 31 '14 at 23:47
@lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output ofiptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.
– barlop
May 31 '14 at 23:50
I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.
– lairdb
Jun 3 '14 at 0:37
There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)
– lairdb
Jun 3 '14 at 0:41
|
show 1 more comment
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f762109%2fcablemodem-sbg6580-firewall-denying-some-outbound-traffic-why-not-configured%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I googled about motorola modem firewall.. Try to configure or disable the firewall.
If it does NAPT then should still have NAPT there as a protection. If not then if you have another NAPT device you'll have NAPT as protection! (with your OS software firewall and if you have another hardware firewall then you'll have that)
Those inbound attacks would be blocked at that device, by NAPT anyway even without a firewall. (where there's no port forwarding on the ports they attack)
There is a user guide for your device here
http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf
Perhaps also see if you can telnet or ssh to it and use iptables and configure it that way. one person here mentions iptables and a similar model number device (apparently comcast is apparently ISP that bought motorola modems and use them and this link mentions iptables in the context of an SB6141, though it's not clear from that whether it does use it)
http://forums.comcast.com/t5/Basic-Internet-Connectivity-And/Motorola-SB6141-Not-Receiving-New-Configuration-Boot-File/td-p/1818941
If it does use iptables then run the command iptables -L and see if you see any rules there that might be a culprit.
Further, this post
http://community.callofduty.com/thread/100463756
"Under the firewall settings, by default the only thing checked was IP flood detection and firewall protection. I unchecked both."
You could experiment with checking one and not the other.
It is accessed by local ip of 192.168.0.1 and does DHCP, and even has a firewall, so i'm confidently assuming that if you do ipconfig it'll show you gateway of 192.168.0.1 or whatever the local ip is, so clearly does NAT. So disabling the firewall should be ok. That link above concurs.
http://portforward.com/english/routers/firewalling/Motorola/SBG6580/defaultguide.htm
answered May 31 '14 at 19:35
barlopbarlop
15.7k2590150
It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)
– lairdb
May 31 '14 at 21:46
@lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)
– barlop
May 31 '14 at 23:47
@lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output ofiptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.
– barlop
May 31 '14 at 23:50
I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.
– lairdb
Jun 3 '14 at 0:37
There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)
– lairdb
Jun 3 '14 at 0:41
|
show 1 more comment
I googled about motorola modem firewall.. Try to configure or disable the firewall.
If it does NAPT then should still have NAPT there as a protection. If not then if you have another NAPT device you'll have NAPT as protection! (with your OS software firewall and if you have another hardware firewall then you'll have that)
Those inbound attacks would be blocked at that device, by NAPT anyway even without a firewall. (where there's no port forwarding on the ports they attack)
There is a user guide for your device here
http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf
Perhaps also see if you can telnet or ssh to it and use iptables and configure it that way. one person here mentions iptables and a similar model number device (apparently comcast is apparently ISP that bought motorola modems and use them and this link mentions iptables in the context of an SB6141, though it's not clear from that whether it does use it)
http://forums.comcast.com/t5/Basic-Internet-Connectivity-And/Motorola-SB6141-Not-Receiving-New-Configuration-Boot-File/td-p/1818941
If it does use iptables then run the command iptables -L and see if you see any rules there that might be a culprit.
Further, this post
http://community.callofduty.com/thread/100463756
"Under the firewall settings, by default the only thing checked was IP flood detection and firewall protection. I unchecked both."
You could experiment with checking one and not the other.
It is accessed by local ip of 192.168.0.1 and does DHCP, and even has a firewall, so i'm confidently assuming that if you do ipconfig it'll show you gateway of 192.168.0.1 or whatever the local ip is, so clearly does NAT. So disabling the firewall should be ok. That link above concurs.
http://portforward.com/english/routers/firewalling/Motorola/SBG6580/defaultguide.htm
answered May 31 '14 at 19:35
barlopbarlop
15.7k2590150
It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)
– lairdb
May 31 '14 at 21:46
@lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)
– barlop
May 31 '14 at 23:47
@lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output ofiptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.
– barlop
May 31 '14 at 23:50
I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.
– lairdb
Jun 3 '14 at 0:37
There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)
– lairdb
Jun 3 '14 at 0:41
|
show 1 more comment
I googled about motorola modem firewall.. Try to configure or disable the firewall.
If it does NAPT then should still have NAPT there as a protection. If not then if you have another NAPT device you'll have NAPT as protection! (with your OS software firewall and if you have another hardware firewall then you'll have that)
Those inbound attacks would be blocked at that device, by NAPT anyway even without a firewall. (where there's no port forwarding on the ports they attack)
There is a user guide for your device here
http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf
Perhaps also see if you can telnet or ssh to it and use iptables and configure it that way. one person here mentions iptables and a similar model number device (apparently comcast is apparently ISP that bought motorola modems and use them and this link mentions iptables in the context of an SB6141, though it's not clear from that whether it does use it)
http://forums.comcast.com/t5/Basic-Internet-Connectivity-And/Motorola-SB6141-Not-Receiving-New-Configuration-Boot-File/td-p/1818941
If it does use iptables then run the command iptables -L and see if you see any rules there that might be a culprit.
Further, this post
http://community.callofduty.com/thread/100463756
"Under the firewall settings, by default the only thing checked was IP flood detection and firewall protection. I unchecked both."
You could experiment with checking one and not the other.
It is accessed by local ip of 192.168.0.1 and does DHCP, and even has a firewall, so i'm confidently assuming that if you do ipconfig it'll show you gateway of 192.168.0.1 or whatever the local ip is, so clearly does NAT. So disabling the firewall should be ok. That link above concurs.
http://portforward.com/english/routers/firewalling/Motorola/SBG6580/defaultguide.htm
answered May 31 '14 at 19:35
barlopbarlop
15.7k2590150
I googled about motorola modem firewall.. Try to configure or disable the firewall.
If it does NAPT then should still have NAPT there as a protection. If not then if you have another NAPT device you'll have NAPT as protection! (with your OS software firewall and if you have another hardware firewall then you'll have that)
Those inbound attacks would be blocked at that device, by NAPT anyway even without a firewall. (where there's no port forwarding on the ports they attack)
There is a user guide for your device here
http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf
Perhaps also see if you can telnet or ssh to it and use iptables and configure it that way. one person here mentions iptables and a similar model number device (apparently comcast is apparently ISP that bought motorola modems and use them and this link mentions iptables in the context of an SB6141, though it's not clear from that whether it does use it)
http://forums.comcast.com/t5/Basic-Internet-Connectivity-And/Motorola-SB6141-Not-Receiving-New-Configuration-Boot-File/td-p/1818941
If it does use iptables then run the command iptables -L and see if you see any rules there that might be a culprit.
Further, this post
http://community.callofduty.com/thread/100463756
"Under the firewall settings, by default the only thing checked was IP flood detection and firewall protection. I unchecked both."
You could experiment with checking one and not the other.
It is accessed by local ip of 192.168.0.1 and does DHCP, and even has a firewall, so i'm confidently assuming that if you do ipconfig it'll show you gateway of 192.168.0.1 or whatever the local ip is, so clearly does NAT. So disabling the firewall should be ok. That link above concurs.
http://portforward.com/english/routers/firewalling/Motorola/SBG6580/defaultguide.htm
answered May 31 '14 at 19:35
barlopbarlop
15.7k2590150
edited May 31 '14 at 23:49
answered May 31 '14 at 19:35
barlopbarlop
15.7k2590150
answered May 31 '14 at 19:35
barlopbarlop
15.7k2590150
answered May 31 '14 at 19:35
barlopbarlop
15.7k2590150
15.7k2590150
It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)
– lairdb
May 31 '14 at 21:46
@lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)
– barlop
May 31 '14 at 23:47
@lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output ofiptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.
– barlop
May 31 '14 at 23:50
I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.
– lairdb
Jun 3 '14 at 0:37
There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)
– lairdb
Jun 3 '14 at 0:41
|
show 1 more comment
It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)
– lairdb
May 31 '14 at 21:46
@lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)
– barlop
May 31 '14 at 23:47
@lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output ofiptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.
– barlop
May 31 '14 at 23:50
I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.
– lairdb
Jun 3 '14 at 0:37
There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)
– lairdb
Jun 3 '14 at 0:41
It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)
– lairdb
May 31 '14 at 21:46
It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)
– lairdb
May 31 '14 at 21:46
@lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)
– barlop
May 31 '14 at 23:47
@lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)
– barlop
May 31 '14 at 23:47
@lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output of
iptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.– barlop
May 31 '14 at 23:50
@lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output of
iptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.– barlop
May 31 '14 at 23:50
I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.
– lairdb
Jun 3 '14 at 0:37
I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.
– lairdb
Jun 3 '14 at 0:37
There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)
– lairdb
Jun 3 '14 at 0:41
There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)
– lairdb
Jun 3 '14 at 0:41
|
show 1 more comment
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f762109%2fcablemodem-sbg6580-firewall-denying-some-outbound-traffic-why-not-configured%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
