Menu
What's new
By:
Filters Better Search

AX86U constantly blocking repeated inbound connections

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

J

jiggins

New Around Here
Hello, I have a Asus RT-AX86u with merlin 388.2_2 with skynet and diversion, both of which are up to date. I keep getting the same blocked incoming connections to a MAC address on my network but I can't find the associated device. I'm wondering if it's something I even need to worry about or if I can just ignore it. I also have a AC68u that I've been trying to use in aimesh mode (wired) but a couple minutes after setting it up, it goes offline and I have to reset the router to set it up again. I got around it by setting it up in bridge mode for now. The log is pasted below. Any direction would be helpful.

May 14 11:47:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=79.124.62.86 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=63948 PROTO=TCP SPT=45488 DPT=5590 SEQ=147458734 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:47:45 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=95.214.55.85 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38328 DPT=9091 SEQ=250372660 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:47:52 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=89.248.163.7 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=36387 PROTO=TCP SPT=59708 DPT=35763 SEQ=602202916 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:48:04 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=91.240.118.77 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=51135 PROTO=TCP SPT=56985 DPT=10015 SEQ=4046325268 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:48:07 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=107.170.243.26 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=42125 DPT=9443 SEQ=1227841959 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:48:14 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=193.163.125.76 DST=173.75.230.180 LEN=44 TOS=0x08 PREC=0x20 TTL=247 ID=38469 PROTO=TCP SPT=57053 DPT=10011 SEQ=1550862898 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
May 14 11:48:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=79.124.60.202 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61977 PROTO=TCP SPT=49864 DPT=1781 SEQ=57872984 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:48:22 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=162.142.125.138 DST=173.75.230.180 LEN=73 TOS=0x00 PREC=0x00 TTL=46 ID=8986 PROTO=UDP SPT=56403 DPT=53 LEN=53 MARK=0x8000000
May 14 11:48:36 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=89.248.163.7 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=49812 PROTO=TCP SPT=59708 DPT=35355 SEQ=603434555 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:48:38 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=176.111.174.81 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=24822 PROTO=TCP SPT=43908 DPT=8025 SEQ=375953691 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:48:52 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=176.111.174.86 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64378 PROTO=TCP SPT=44065 DPT=8412 SEQ=304102674 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:49:01 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=89.248.163.75 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=58788 PROTO=TCP SPT=45968 DPT=29870 SEQ=604927934 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:49:41 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=89.248.163.166 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=63195 PROTO=TCP SPT=58627 DPT=32863 SEQ=1999605808 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:49:56 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=162.216.149.100 DST=173.75.230.180 LEN=44 TOS=0x00 PREC=0x60 TTL=252 ID=42238 PROTO=TCP SPT=57266 DPT=59127 SEQ=3487409341 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
May 14 11:50:06 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=87.246.7.206 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39068 DPT=8443 SEQ=1853811749 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:50:11 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=79.124.62.82 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=27233 PROTO=TCP SPT=45487 DPT=38810 SEQ=3164216143 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:50:17 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=162.216.150.154 DST=173.75.230.180 LEN=44 TOS=0x00 PREC=0x60 TTL=252 ID=42001 PROTO=TCP SPT=54392 DPT=45139 SEQ=2979918582 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
May 14 11:50:21 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=91.191.209.198 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=50154 PROTO=TCP SPT=54505 DPT=13330 SEQ=550506828 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:50:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=194.26.29.86 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27302 PROTO=TCP SPT=57197 DPT=52001 SEQ=3833874227 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:50:39 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=176.111.174.84 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=52122 PROTO=TCP SPT=43991 DPT=8176 SEQ=2343187166 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:50:43 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=89.248.163.64 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=59703 PROTO=TCP SPT=44289 DPT=7790 SEQ=2265059821 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 11:51:04 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:34:64:38:5c:45:27:d6:59:c7:08:00 SRC=89.248.163.57 DST=173.75.230.180 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=870 PROTO=TCP SPT=58524 DPT=29583 SEQ=1549899357 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
 
The MAC address is your router's, the DST address is your IP. Normal messages coming from the firewall with Dropped packets logging enabled. Skynet uses it for statistics and what you see there as "blocked" is mostly matched IPs in blocklists. They are blocked by the firewall with or without Skynet.

Here you go, I have no Skynet installed:

Code: 
May 14 12:06:49 rc_service: httpd 1557:notify_rc restart_firewall
May 14 12:06:52 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=80.66.83.107 DST=192.168.144.100 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3047 PROTO=TCP SPT=50682 DPT=19107 SEQ=4126409798 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 12:06:54 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=185.233.19.92 DST=192.168.144.100 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=13003 PROTO=TCP SPT=58914 DPT=2000 SEQ=2943512601 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
May 14 12:07:02 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=158.69.165.244 DST=192.168.144.100 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=35275 PROTO=TCP SPT=52181 DPT=3389 SEQ=3825451508 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 12:07:17 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=65.49.20.81 DST=192.168.144.100 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48221 DPT=8090 SEQ=3272500456 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 12:07:18 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=94.102.61.32 DST=192.168.144.100 LEN=57 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=UDP SPT=45075 DPT=121 LEN=37 MARK=0x8000000
May 14 12:07:36 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=80.66.83.107 DST=192.168.144.100 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=22535 PROTO=TCP SPT=50682 DPT=15066 SEQ=3026855903 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

My DST (destination) IP is shown as local IP because the router is in double NAT behind another. The same AX86U running Asuswrt 388_22525.
 
Last edited:
Tech9 said:
The MAC address is your router's, the DST address is your IP. Normal messages coming from the firewall with Dropped packets logging enabled. Skynet uses it for statistics and what you see there as "blocked" is mostly matched IPs in blocklists. They are blocked by the firewall with or without Skynet.

Here you go, I have no Skynet installed:

Code: 
May 14 12:06:49 rc_service: httpd 1557:notify_rc restart_firewall
May 14 12:06:52 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=80.66.83.107 DST=192.168.144.100 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3047 PROTO=TCP SPT=50682 DPT=19107 SEQ=4126409798 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 12:06:54 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=185.233.19.92 DST=192.168.144.100 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=13003 PROTO=TCP SPT=58914 DPT=2000 SEQ=2943512601 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
May 14 12:07:02 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=158.69.165.244 DST=192.168.144.100 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=35275 PROTO=TCP SPT=52181 DPT=3389 SEQ=3825451508 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 12:07:17 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=65.49.20.81 DST=192.168.144.100 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48221 DPT=8090 SEQ=3272500456 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
May 14 12:07:18 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=94.102.61.32 DST=192.168.144.100 LEN=57 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=UDP SPT=45075 DPT=121 LEN=37 MARK=0x8000000
May 14 12:07:36 kernel: DROP IN=eth0 OUT= MAC=04:42:1a:a3:6f:28:bc:4d:fb:2d:fd:82:08:00 SRC=80.66.83.107 DST=192.168.144.100 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=22535 PROTO=TCP SPT=50682 DPT=15066 SEQ=3026855903 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

My DST (destination) IP is shown as local IP because the router is in double NAT behind another. The same AX86U running Asuswrt 388_22525.
Click to expand...
Appreciate you tremendously, thank you for the explanation. So the aimesh issue is just classic aimesh behavior, hit or miss
 
Mixed generations AX/AC and mixed firmware 388/386 routers may or may not work well together despite AiMesh advertisements for router compatibility. Older AC68U routers are usually the ones giving more trouble. Use stock Asuswrt on it and try wired AiMesh node discovery with fail back to wireless when the Ethernet cable is disconnected. There are multiple threads around with multiple ideas how to make it work producing mixed results. The best chance you have for AiMesh is stock Asuswrt on both routers, but as I understand you like Asuswrt-Merlin better.
 
Tech9 said:
Mixed generations AX/AC and mixed firmware 388/386 routers may or may not work well together despite AiMesh advertisements for router compatibility. Older AC68U routers are usually the ones giving more trouble. Use stock Asuswrt on it and try wired AiMesh node discovery with fail back to wireless when the Ethernet cable is disconnected. There are multiple threads around with multiple ideas how to make it work producing mixed results. The best chance you have for AiMesh is stock Asuswrt on both routers, but as I understand you like Asuswrt-Merlin better.
Click to expand...

Jinx.
 
LOL welp, thank you both for the help and insight. I'll just keep trying and see if it sticks. The best part is I had it working previously, then I reset my network and I haven't been able to get it working the same way since.
 
Wireless node discovery was broken for an entire firmware generation plus some on Asuswrt-Merlin. I don't know if it's fixed already or not.

www.snbforums.com

[ 388.2 alpha Build(s) ] Testing available build(s)

Running 388.2_alpha2-g099892a1cf on AXE16000. Can confirm issue with 2.4ghz and 6ghz radio is gone (prev, devices connecting to the 2.4ghz radio would have no exit to internet). Had already seen it work in stock image, glad to see the gpl merge brought the fix to Merlin. OpenVPN to connect...
www.snbforums.com www.snbforums.com
 
You must log in or register to reply here.

Similar threads

P
Skynet show inbound block on Digital TV Vlan300
Replies
4
Views
430
poudenes
P
D
[ASUS AX86U Merlin] Blink Sync Module does not connect (connects to iphone hotspot)
Replies
0
Views
295
dasusm
D
E
Need help with system log interpretation
Replies
1
Views
947
Tech9
Tech9
R
Skynet SkyNet, What's going on? should I be concerned?
Replies
18
Views
2K
Viktor Jaep
Viktor Jaep
TheAccountOfTeo997
Inbound firewall rules appear to be getting ignored (RT-AX88U on 388.1)
Replies
0
Views
1K
TheAccountOfTeo997
TheAccountOfTeo997
Similar threads
Thread starter Title Forum Replies Date
J DDNS, AX86U-PRO, inadyn isn't called after wan IP change ? Asuswrt-Merlin 3
T Asus RT-AX86U vs RT-AX68U (with Merlin cake SQM) Asuswrt-Merlin 9
L dose old device like ax86u will update to 3006? Asuswrt-Merlin 1
S Issues compiling Realtek RTL8156 (r8152) driver for ASUS RT-AX86U Asuswrt-Merlin 2
T Enabling SQM only on Asymmetrical Connection (1150/40) via AX86U Pro (3004.388.4) Asuswrt-Merlin 5
B Wifi performance on RT-AX86U Pro Asuswrt-Merlin 1
E WebUI not working - AX86U (latest Merlin firmware) Asuswrt-Merlin 5
C 3004.388.6_2 media bridge mode (RT-AX86U but maybe others also) - port status missing Asuswrt-Merlin 8
c.petras 3004.388.6 AX86U poor 2.4 Wifi Asuswrt-Merlin 5
W wl command equivalent on newer ASUS models AX5700 - RT-AX86U pro? Asuswrt-Merlin 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 712 (members: 22, guests: 690)
Top