Log and dropped port entries

I am looking at my firewire logs and I noticed a lot of dropped Chain> DROP_INPUT involving port 5555 on my red network (red consists of the IPFIRE pc and the cable modem).

This caught my eye because I’ve been attempting (unsuccessfully…) to set up a machine with port forwarding (tunnel) for rdp between two pc’s on my green net.

All the dropped are on the red. One thing that confuses me is the source and destination ip’s are not any of my pc’s on my green net. Typically the source is microsoft or somewhere in the Caribbean to some where in the Netherlands… So why are they even coming into my red net?

The reason the port 5555 caught my eye is that one web page I was following to set up the rdp link said to use the “ssh -L 5555:localhost:3859 user@target xrdp server”. And this tunnel gets me logged in but, I can’t get, for instance, Reminni to connect a remote destop, it keeps saying “re-attempt to connect” and the screen goes blank for a second then “re-attempt to connect”, repeadedly. And the IPFire log shows nothing about a drop between these two pcs.

Should have said “I am looking at my IPFire logs”.

Hey @drmacro

Those are sites that are scanning your firewall (ipfire) and he block them and drop the conection(protect) to your rest of your network.

You can see on my screen shot I have it to:

and it also come from various destination.

best regards.
Neopegasus