D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-859 => Topic started by: userdsp on October 24, 2018, 07:58:03 AM

Title: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: userdsp on October 24, 2018, 07:58:03 AM
DIR-859   HW:A3   FW:1.06
https://imgur.com/a/wzDQtEY (https://imgur.com/a/wzDQtEY)
https://imgur.com/a/vOg5Pbc (https://imgur.com/a/vOg5Pbc)
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block blood from external Ip
Post by: FurryNutz on October 24, 2018, 08:01:07 AM
Link>Welcome! (http://forums.dlink.com/index.php?topic=49573.0)



Internet Service Provider and Modem Configurations

What is "block blood"?
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block blood from external Ip
Post by: userdsp on October 24, 2018, 08:10:09 AM
Location Bulgaria
ISP bulsat.com
Fiber Optic -> Lan -> DIR-859

What is "block blood"?
Mistake i mean FLOOD

This IP 74.125.153.250 is floding me and I want to stop this.
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: FurryNutz on October 24, 2018, 08:13:59 AM
FLOOD meaning? DDOS? Are you trying to block a specific site?
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: userdsp on October 24, 2018, 08:14:33 AM
Yes its DDoS
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: FurryNutz on October 24, 2018, 08:17:37 AM
Internet Service Provider and Modem Configurations

Are you seeing this in the router logs? I presume firewall and SPI is enabled on the DIR router?
Have you looked up the IP address that seems to be doing this and ask your ISP to help you block this as well on there side? The firewall should be blocking automatically and if it's logging it, then it's doing it's job already and just letting you know.
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: userdsp on October 24, 2018, 08:26:55 AM
I were cloned the router MAC to my lan card.
Then i start Wireshark and I saw the flood.
my ISP bulsat.com told me that they cant block it and I must block it my self
If I change mac address on the router and ISP register my new one everything going good until this IP start flood me again after few days
I do play Battlefield 4 and admins from one of the servers there can see my IP and they flood me
After i play the game flood start again until i change my MAC (IP address)
When I use DIR-859 router i cant see the flood but ping to the game is bigger than usual and i have some connection issues inside the game
After flood start my ping increace with 8-10ms

I hope you do understand my bad English :) So is there any way to block them from the router?
With with this settings from the screenshots I can ping this IP but connection between flod  IP and me must to be unpossible in both ways, correct?
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: FurryNutz on October 24, 2018, 08:38:46 AM
Is DNS relay enabled ON the router?
Under Schedule, do you have a section for these two Settings?
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: GreenBay42 on October 24, 2018, 08:39:12 AM
That IP address is Google. Are you using google services or DNS servers?
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: userdsp on October 24, 2018, 08:39:38 AM
DNS realy is On and rules are Always Enable
Nope im not using nothing from goodle
I snif my trafik on fresh installed windows with stoped update services fresh boot and all programs closed
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: FurryNutz on October 24, 2018, 08:43:32 AM
Set a schedule for these two settings and highlight ALL sections in the time frames. Save and apply.
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: userdsp on October 24, 2018, 08:50:01 AM
So i do mistake with IP adress and ill correct it.
I make this time frame correction too and i can still ping this IP :(
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: GreenBay42 on October 24, 2018, 08:52:52 AM
Reset the router (paperclip in the reset hole for 10 seconds with the router powered on) and reconfigure from scratch.

The rules are not doing anything. The traffic will still hit the router.

You can try to router the traffic to a false IP.  Go to Features > Firewall > IPv4 Rules

Source - WAN 74.125.153.250   ( do not add anything else, just the IP address)

Destination - LAN  Enter an unused IP address on your local network (192.168.0.2 for example)

Protocol/Port - Select ANY.

Make sure Turn IPv4 Filtering ON and DENY rules listed is selected.

But again the traffic is still coming in so there is something going on.
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: userdsp on October 24, 2018, 09:13:12 AM
Do not work
Destination - LAN  Enter an unused IP address on your local network (192.168.0.2 for example)
Why to block connection to unused IP? I make it and dont work. Then i change it to my internal ip and still do not work.
Title: Re: Advanced >> Firewall Settings >> IPv4 Rules dont block flood from external Ip
Post by: GreenBay42 on October 24, 2018, 09:21:11 AM
Is the traffic trying to go to a particular IP address on your network?

Did you reset the router?

The rules block the traffic from entering your network, it does not prevent the flood.