marcus101
Message 1 of 7

firewall logs

Hi all

Having added the correct details to email firewall and network logs, my super hub 2 ac is emailing me regularly.  However, the logs are always empty even though if I log into the router they are populated.  Does anyone have any idea how I can solve this?

 

If it helps the email sender is Virgin@missing-domain.com and I use ntlworld smtp settings

Marcus

Moderator
Message 2 of 7

Re: firewall logs

Hi marcus101

Welcome to the forum. I'm really sorry to hear that these messages are blank when you receive a copy. That's quite strange.

Can you try changing the SMTP details over to @VirginMedia.com to see if this makes a difference? Is it possible for you to post the header details of the message for us to have a look at? Please remove any personal details from it though, like your email address etc.

Speak soon

Ty 


marcus101
Message 3 of 7

Re: firewall logs

Hello Ty

I tried the change to smtp.virginmedia.com and forced a log file email.  This never came through.

I changed back to smtp.ntlworld.com and re-forced a log sent.  This worked but no data.

Message header:

Return-Path: <NN@ntlworld.com>
Delivered-To: NN@ntlworld.com
Received: from md11.tb.ukmail.iss.local ([212.54.59.71])
 by mc12.tb.ukmail.iss.local (Dovecot) with LMTP id FDqsB3Psd1iqfwAAykHGFg
 for <NN@ntlworld.com>; Thu, 12 Jan 2017 21:52:33 +0100
Received: from mx4.mnd.ukmail.iss.as9143.net ([212.54.59.71])
 by md11.tb.ukmail.iss.local (Dovecot) with LMTP id P1WRCm3DUVj4bQAABKHg2A
 ; Thu, 12 Jan 2017 21:52:33 +0100
Received: from know-smtprelay-omc-11.server.virginmedia.net ([80.0.253.75])
 by mx4.mnd.ukmail.iss.as9143.net with bizsmtp
 id XYsP1u00U1eNB4o01YsZzQ; Thu, 12 Jan 2017 21:52:33 +0100
X-SourceIP: 80.0.253.75
X-CNFS-Analysis: v=2.2 cv=AvWe5K1P c=1 sm=1 tr=0
 a=8ONXhGKP6vg/u6eDcpHX1g==:117 a=Ol/gz5rqBptGrhCEVn2niQ==:17
 a=9cW_t1CCXrUA:10 a=pYKKmUFMemsA:10 a=lBW5_t0Qz9oA:10 a=v8nG2yujg7wA:10
 a=IgFoBzBjUZAA:10 a=WdE-iI2V77xwkoRcp3EA:9 a=McxbCngEDmWdl6Zb:21
 a=smGJyRc6iqZWtFTU:21
Received: from localhost ([77.103.*******
 by know-smtprelay-11-imp with bizsmtp
 id XYsT1u0094X6iDZ01YsZgE; Thu, 12 Jan 2017 20:52:33 +0000
X-Originating-IP: [77.103.*******
X-Spam: 0
X-Authority: v=2.1 cv=ZKcq4iPb c=1 sm=1 tr=0 a=Ol/gz5rqBptGrhCEVn2niQ==:117
 a=Ol/gz5rqBptGrhCEVn2niQ==:17 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10
 a=s5jvgZ67dGcA:10 a=pYKKmUFMemsA:10 a=lBW5_t0Qz9oA:10
 a=WdE-iI2V77xwkoRcp3EA:9 a=McxbCngEDmWdl6Zb:21 a=smGJyRc6iqZWtFTU:21
From: Virgin Media Super Hub
Subject: Firewall Log
Firewall Log
---------------------------
Firewall Log- Time: Thu Jan 12 20:46:23 2017
 Source IP: 192.168.0.11 Target Port Number: 80 Count: 2 Event Description: Auth Success - Web login successful
Firewall Log- Time: Thu Jan 12 20:46:08 2017
 Source IP: 192.168.0.11 Target Port Number: 80 Count: 1 Event Description: Auth Fail - Web login failed
Firewall Log- Time: Thu Jan 12 04:33:20 2017
 Source IP: 46.10.181.221 Target Port Number: 23 Count: 1 Event Description: SYN Flood
Firewall Log- Time: Wed Jan 11 07:42:30 2017
 Source IP: 62.253.131.84 Target Port Number: 68 Count: 1 Event Description: DHCP WAN IP -  #########
Firewall Log- Time: Sat Jan  7 11:16:43 2017
 Source IP: 192.168.0.4 Target Port Number: 80 Count: 0 Event Description: Auth Success - Web login successful

 

Also although not connected I seem to be getting a lot (every minute)  of "T3 downstream not locked" firewall messages (twice in 3 days).  These stop when I reboot the router.  I am assuming this is a regional network issue although nothing in the status messages for Northampton.

all the best

marcus

 [MOD EDIT: Personal and private information has been removed from this post. Please do not post personal or private information in your public posts. Please review the Forum Guidelines]
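
One way to check a raw copy of the hub's mail for what the header posted above shows, log lines following Subject: with no blank line in between, and to pull the entries out anyway (added example, not part of the thread and not Virgin Media's code). RAW is a constructed sample abridged from the post, the function names are hypothetical, and that the missing separator is why mail clients show an empty body is an assumption the thread does not confirm.

```python
import ipaddress
import re
from email import message_from_string
from email.errors import MissingHeaderBodySeparatorDefect

# Constructed sample, abridged from the header in the post above. As posted,
# no blank line separates "Subject:" from the first log line.
RAW = (
    "Return-Path: <NN@ntlworld.com>\n"
    "From: Virgin Media Super Hub\n"
    "Subject: Firewall Log\n"
    "Firewall Log\n"
    "---------------------------\n"
    "Firewall Log- Time: Thu Jan 12 20:46:08 2017\n"
    " Source IP: 192.168.0.11 Target Port Number: 80 Count: 1"
    " Event Description: Auth Fail - Web login failed\n"
    "Firewall Log- Time: Thu Jan 12 04:33:20 2017\n"
    " Source IP: 46.10.181.221 Target Port Number: 23 Count: 1"
    " Event Description: SYN Flood\n"
)

# One entry spans two lines: a "Time:" line, then an indented detail line.
ENTRY = re.compile(
    r"Firewall Log- Time: (?P<time>.+?)\s*\n"
    r"\s*Source IP: (?P<src>\S+) Target Port Number: (?P<port>\d+)"
    r" Count: (?P<count>\d+) Event Description: (?P<event>.+)"
)

def inspect_hub_mail(raw):
    """Return (separator_missing, entries) for one raw message."""
    msg = message_from_string(raw)
    # The stdlib parser records a defect when headers run straight into
    # non-header text, and still returns that text as the payload.
    separator_missing = any(
        isinstance(d, MissingHeaderBodySeparatorDefect) for d in msg.defects
    )
    entries = [m.groupdict() for m in ENTRY.finditer(msg.get_payload())]
    return separator_missing, entries

def external_sources(entries):
    """Source IPs outside private (LAN) ranges, in log order, de-duplicated."""
    seen = []
    for e in entries:
        if not ipaddress.ip_address(e["src"]).is_private and e["src"] not in seen:
            seen.append(e["src"])
    return seen

if __name__ == "__main__":
    missing, entries = inspect_hub_mail(RAW)
    print("separator missing:", missing, "external:", external_sources(entries))
```

Save the message from the mail client as raw source (not the rendered view) before passing it in, since the rendered view is where the body goes missing.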

 

Forum Team
Message 4 of 7

Re: firewall logs

Hi marcus101,

 

Thanks for getting back in touch, I hope you don't mind me picking this up. 

 

I can't see T3s from this side. Can you pop the Hub logs up for us and we'll investigate further:

192.168.0.1 in the browser, log in. Username is admin and the password will be changeme, unless you have changed it.

Go to Advanced settings.

Go to Network Status, copy the results back here.

Go to Network log, pop those results back here too.

 

Are you logging into webmail to look at the firewall logs or are you trying to view from client mail? 

 

Looking at the header you have sent it looks like there are some logs in there, but when I test I also get a blank message. 

 

So I have popped an email across to another team for a bit more information on this. Once I know more I will let you know. 

 

All the best

 

Emma


marcus101
Message 5 of 7

Re: firewall logs

Dear Emma

Thank you so much for picking this up.  I changed the login as soon as the router was installed as I try to be security conscious so I was mortified when it was pointed out I hadn't anonymised my posting correctly.  No harm done and thanks to the Editor!

T3 messages are no longer in the log as it retains so few items - Not great compared to previous routers I have used.  However although they are no longer filling up the log file a few other issues may be indicated in the Network Log:

18/01/2017 12:51:12 GMT 66050310 Auth Success - Web login successful.
18/01/2017 12:51:03 GMT 66050300 Auth Fail - Web login failed.
18/01/2017 12:50:46 GMT 90000200 CSRF Detect - Expired Content Submitted ; LAN Interface
18/01/2017 12:50:46 GMT 90000200 CSRF Detect - Expired Content Submitted ; LAN Interface
18/01/2017 12:50:43 GMT 66050400 E-Mail - E-Mail Send Failed.
18/01/2017 12:50:28 GMT 90000200 CSRF Detect - Expired Content Submitted ; LAN Interface
18/01/2017 12:50:28 GMT 66050300 Auth Fail - Web login failed.
17/01/2017 10:47:38 GMT 66050400 E-Mail - E-Mail Send Failed.
17/01/2017 10:47:34 GMT 66050400 E-Mail - E-Mail Send Failed.
17/01/2017 06:55:04 GMT 68010400 DHCP REBIND WARNING - Field invalid in response
17/01/2017 06:54:08 GMT 68010100 DHCP RENEW sent - No response for IPv4
17/01/2017 06:53:14 GMT 68010100 DHCP RENEW sent - No response for IPv4
17/01/2017 06:51:25 GMT 68010100 DHCP RENEW sent - No response for IPv4
17/01/2017 06:47:49 GMT 68010100 DHCP RENEW sent - No response for IPv4
17/01/2017 06:40:37 GMT 68010100 DHCP RENEW sent - No response for IPv4
17/01/2017 06:26:14 GMT 68010100 DHCP RENEW sent - No response for IPv4
17/01/2017 05:57:28 GMT 68010100 DHCP RENEW sent - No response for IPv4
17/01/2017 04:59:55 GMT 68010100 DHCP RENEW sent - No response for IPv4
17/01/2017 03:04:49 GMT 68010100 DHCP RENEW sent - No response for IPv4
16/01/2017 23:14:38 GMT 68010100 DHCP RENEW sent - No response for IPv4

Date Time Source IP Target Port Number Count Event Description

Wed 18 Jan 13:03 GMT 192.168.0.11 80 2 Auth Success - Web login successful
Wed 18 Jan 12:51 GMT 192.168.0.11 80 2 Auth Fail - Web login failed
Tue 17 Jan 10:45 GMT 134.119.219.27 5090 21 TCP- or UDP-based Port Scan
Thu 12 Jan 04:33 GMT 46.10.181.221 23 1 SYN Flood
Wed 11 Jan 07:42 GMT 62.253.131.84 68 1 DHCP WAN IP - 77.103.******
Sat 07 Jan 11:16 GMT 192.168.0.4 80 0 Auth Success - Web login successful

"Are you logging into webmail to look at the firewall logs or are you trying to view from client mail?"

 

BTW do Virgin provide a later version of the router that may not contain this issue?

all the best marcus

[MOD EDIT: For your security personal and private information has been removed from this post. Please review the Forum Guidelines]

 

Forum Team
Message 6 of 7

Re: firewall logs

Hi marcus101,

 

Thanks for posting again. 

 

I have not yet heard back from the team who are investigating the issue with the emails arriving blank. As soon as I hear more I will let you know. 

 

The logs you are getting look to be relatively normal and nothing to be particularly concerned about. 

 

Are you having trouble with the connection at all? 

 

Keep us posted. 

 

Emma

 


marcus101
Message 7 of 7

Re: firewall logs

The connection and speed are fine, thank you.
