Home/Support/Support Forum/How do I stop many GP socket connected to my Cellular TCP/IP address?
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

How do I stop many GP socket connected to my Cellular TCP/IP address?

0 votes
I thought my two lines of Firewall code were supposed to stop any incoming hits or login attempts except from our server in the lab and my actual PC in my cube with the following 2 lines of firewall code

pass in break end on ppp 1 from 164.82.32.13 to addr-ppp 1
pass in break end on ppp 1 from 164.82.32.1 to addr-ppp 1

I am getting hundreds of these type of GP hits stopping my WR41 from working?
03:29:15, 08 Jan 2019,GP socket connected: 166.141.188.4:22 -> 103.114.107.221:58621
03:29:15, 08 Jan 2019,GP socket connected: 166.141.188.4:22 -> 68.183.17.76:41078
03:26:41, 08 Jan 2019,GP socket connected: 166.141.188.4:22 -> 148.101.91.58:37274
asked Jan 10 in Digi TransPort Cellular by Desmogger New to the Community (2 points)

Please log in or register to answer this question.

1 Answer

0 votes
Hi

What other rules have you got in the firewall

also has this been switched on the PPP interface and some times the PPP interface would need to be cycled to enable

regards

James
answered 6 days ago by James.Wilson Veteran of the Digi Community (1,168 points)
Thanks Jim, My field guys are headed out this morning to reboot. I will be able to get logs then and PPP 1 was rebooted after last firewall update. Here is all in the firewall.
#Allow outbound FTP traffic
pass out break end proto ftp from any to any port=ftpcnt flags S!A inspect-state
#Allow any other outbound traffic and the replies back in
pass in break end on ppp 1 from 164.82.32.13  to addr-ppp 1  
pass in break end on ppp 1 from 164.82.32.1  to addr-ppp 1  
pass out break end inspect-state
#Allow incoming IPSEC
pass break end proto 50
pass in break end proto udp from any to any port=ike
pass in break end proto udp from any to any port=4500
#Allow any traffic within an IPSEC tunnel in both directions
pass break end oneroute any
#Allow incoming SSH and SFTP
pass in break end proto tcp from any to any port=22 flags S!A inspect-state
#Allow incoming HTTPS
pass in break end proto tcp from any to any port=443 flags S!A inspect-state
#Block and log everything else including incoming telnet, http and FTP
block log break end
Hi

You have the originall rules still in for SSH and HTTPS from anywhere.

you would need to remobe the entries to stop other people from conencting

#Allow incoming SSH and SFTP
pass in break end proto tcp from any to any port=22 flags S!A inspect-state
#Allow incoming HTTPS
pass in break end proto tcp from any to any port=443 flags S!A inspect-state
...