Ok, can anyone here tell me why a device that is sitting in the DMZ (in this case my 3G Microcell) with the Lowest firewall settings enabled would generate this type of blocked traffic?!?!?
Jul 26 11:03:43 2011 Outbound Traffic Blocked - Default policy First packet in connection is not a SYN packet: TCP 192.168.1.2:43749->12.230.208.44:443 on clink1
Jul 26 11:03:41 2011 Outbound Traffic Blocked - Default policy First packet in connection is not a SYN packet: TCP 192.168.1.2:43747->12.230.208.44:443 on clink1
Jul 26 11:03:39 2011 Outbound Traffic Blocked - Default policy First packet in connection is not a SYN packet: TCP 192.168.1.2:43745->12.230.208.44:443 on clink1
Jul 26 11:03:38 2011 Inbound Traffic Blocked - Default policy TCP 12.230.208.44:443->192.168.1.2:43744 on clink1
Jul 26 11:03:36 2011 Outbound Traffic Blocked - Default policy First packet in connection is not a SYN packet: TCP 192.168.1.2:43741->12.230.208.44:443 on clink1
Jul 26 11:03:36 2011 Inbound Traffic Blocked - Default policy TCP 12.230.208.44:443->192.168.1.2:43742 on clink1
Jul 26 11:03:32 2011 Inbound Traffic Blocked - Default policy TCP 12.230.208.195:443->192.168.1.2:56912 on clink1
Jul 26 11:03:31 2011 Outbound Traffic Blocked - Default policy First packet in connection is not a SYN packet: TCP 192.168.1.2:43739->12.230.208.44:443 on clink1
This is just generated over a 15 second period. I am seeing TONS of this blocked traffic with 192.168.1.2 in the DMZ. NO WONDER MY MICROCELL will not sync with ATT
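The blocked-traffic entries from the post above, tallied per remote endpoint and drop reason, as an added example that is not part of the original thread. The regular expression covers only the entry shapes visible in the post, and the function names are made up for this example.

```python
import re
from collections import Counter

# Entries taken from the first post, spaces added between the log columns.
# The third entry is wrapped after "TCP", as two entries in the post are.
SAMPLE = """\
Jul 26 11:03:43 2011 Outbound Traffic Blocked - Default policy First packet in connection is not a SYN packet: TCP 192.168.1.2:43749->12.230.208.44:443 on clink1
Jul 26 11:03:38 2011 Inbound Traffic Blocked - Default policy TCP 12.230.208.44:443->192.168.1.2:43744 on clink1
Jul 26 11:03:36 2011 Outbound Traffic Blocked - Default policy First packet in connection is not a SYN packet: TCP
192.168.1.2:43741->12.230.208.44:443 on clink1
Jul 26 11:03:32 2011 Inbound Traffic Blocked - Default policy TCP 12.230.208.195:443->192.168.1.2:56912 on clink1
"""

# Covers only the entry shapes visible in the post; \s* between columns also
# accepts a log pasted with the columns run together.
ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\s*"
    r"(?P<direction>Inbound|Outbound) Traffic\s*"
    r"Blocked - Default policy\s*"
    r"(?:(?P<reason>[^:\n]+?):\s*)?"
    r"(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)"
    r" on (?P<iface>\S+)"
)

def parse_blocked(text):
    """One dict per blocked-packet entry; wrapped lines are tolerated."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def summarize(entries):
    """Count drops per (direction, remote ip:port, logged reason)."""
    counts = Counter()
    for e in entries:
        out = e["direction"] == "Outbound"
        remote = f'{e["dst"]}:{e["dport"]}' if out else f'{e["src"]}:{e["sport"]}'
        counts[(e["direction"], remote, e["reason"] or "no reason logged")] += 1
    return counts

def untracked_outbound(entries):
    """Outbound TCP flows dropped because the firewall held no state for them:
    the segment matched no tracked connection and was not a SYN."""
    return sorted((e["src"], int(e["sport"]), e["dst"], int(e["dport"]))
                  for e in entries
                  if e["direction"] == "Outbound" and "not a SYN" in (e["reason"] or ""))

if __name__ == "__main__":
    entries = parse_blocked(SAMPLE)
    for key, n in summarize(entries).most_common():
        print(n, *key, sep="  ")
    print(untracked_outbound(entries))
```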
**** CONFIRMED SOLUTION *****
The Actiontec router is the problem.
Today I called Verizon and had my ONT switched to ethernet. Then replaced that router with an old Linksys router that I loaded DD-WRT on. I reset everything to default on the DD-WRT router, then I connected my DIR-825 (DHCP turned off) router to that. Did a few tests to check my ping and speed. All was good.
So then I plugged the cat5 cable from my ATT 3G Microcell into the DIR-825 router. And in the time it took me to log in to the DDWRT router and to make sure that it gave the Microcell an IP, I received a text from ATT saying my microcell was successfully activated.
These Actiontec routers are complete junk... case closed!
Here is the response I got from Antec:
Resolution:
=========================
Some ports may be being blocked by Verizon unintentionally.
It used to be that residential DHCP services had several ports blocked.
20-21 ftp server ports
25 and 110 POP and SMTP server ports
80 and 443 Web and Secure Web server ports
The DMZ Host should have unblocked every port including 443 and no, there are no known issues with DMZ Hosting at this time.
Is 192.168.1.2 the IP address your Microcell has been locked to use? I presume so, but have you tried disabling the firewall entirely on the ActionTec to see if it will sync up with AT&T and if those entries do in fact stop? The DMZ should be as you described; meant to bypass the firewall. On some routers, I have seen some exceptions to that rule however and those usually involve cases that would trigger any firewall on the spot.
Yes, it was assigned that through DHCP and then I gave it a static lease.
There is no option to turn off the firewall completely on these models.... I WISH!
I've gone through every setting in this router to try and find why it would block 443 inbound and outbound... but there is no setting that I can find.
If there is "No Security" option under the Firewall, try the Custom option and do not create any rules for it. I imagine it should work almost as if the Firewall were switched off.
There is no such thing as a custom option.
Verizon replaced my router with another (Rev F) and it's doing the exact same thing...... JUNK
I did however go into advanced routing and try to create my own dmz by entering this for incoming:
Any 192.168.1.2 microcell - TCP Any -> Any
UDP Any -> Any Accept Connection Active
and this for outgoing:
192.168.1.2 Any microcell - TCP Any -> Any
UDP Any -> Any Accept Connection Active
and the logs STILL show inbound and outbound connections to ATT being blocked by the router... seriously these routers are GARBAGE!
The routers themselves are not garbage. The firmware is actually the problem with them. DD-WRT on the ActionTecs works like a charm, though the problem with that is you lose MoCA (Coax) support on the ActionTec.
I wish I could put DD WRT on this router... but I am hooked through coax 😞
If you don't have TV service and you have some time to get the ONT switched over to Ethernet (you'll need to run the cabling yourself to avoid a tech roll and fee), DD-WRT is still a possibility. You just need to be sure your version of the ActionTec router is compatible.