Solved: DNAT's though GeoIP is activated?

Dear Sirs,

I’ve had reinstalled my Web Service on ORANGE recently and activated GeoIP on the corresponding config page in such a way that just my home country (AT) is allowed; whereas the RED Input Rule was generally allowed, configured as DNAT from RED to ORANGE.

After finishing the Web Service installation I concentrated on the firewall logs and found DNAT’s with some ridiculous FQDN’s:

IP Country Type Remark Hit HTTP Service AT DNAT yes AT DNAT A1 Telekom Austria yes US DNAT US DNAT NL DNAT TW DNAT CN DNAT (localhost)

As you may recognize, just some of those IP’s are related to AT, the allowed country of origin. In addition, there are a lot off HINET-IP adresses, which may or may not be related to Synology DSM. However, this device is neither part of the DMZ nor should there exist any open ports which may have been reached from WAN.

Could you please give me a hint why these DNAT entries appear in the logs?

Thank you!

DNAT was done before the GeoIP block so this are logged and rejected later.

1 Like

Thank you very much!