Community Forum

Firewall log entries

Frequent Visitor

Firewall log entries

I have been getting regular entries in my router firewall logs:

FW.IPv6 FORWARD drop , 33 Attempts, 2019/8/19 10:45:24 Firewall Blocked

FW.IPv6 INPUT drop , 29 Attempts, 2019/8/19 10:45:24 Firewall Blocked

FW.IPv6 FORWARD drop, 84 Attempts, 2019/8/18 18:58:02 Firewall Blocked

FW.WANATTACK DROP , 4 Attempts, 2019/8/18 18:58:02 Firewall Blocked

FW.IPv6 INPUT drop , 14 Attempts, 2019/8/18 18:58:02 Firewall Blocked

 

This is a representative sample. These types of events seem to happen every day at somewhat regular times. 

 

Please advise me on what I should do regarding this, if anything.

 

Thanks,

TMG

Highlighted
Expert

Re: Firewall log entries

Don't sweat it. Background internet noise will always be there. Your firewall is doing its job.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
New Poster

Re: Firewall log entries

Hello EG,

 

May I ask if there is anything I can do to prevent this? I won't be worried if it's just a few, but recently it has been > 30,000 FW.WANATTACK DROPs per day. I believe this is slowing me down. Can you please recommend a couple of actions?

 

Thanks,

GS

Expert

Re: Firewall log entries

Nothing really except maybe you could try getting your public / WAN IP address changed, but as stated, background internet noise will always be there. 



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
New Poster

Re: Firewall log entries

Hi EG,

 

May I ask you for the procedure to request an IP change? I briefly searched the support area but wasn't able to find anything.

 

Thanks in advance,

GS

Expert

Re: Firewall log entries

If you have a router that has a MAC address cloning feature, you can clone a different MAC address in to it. This will force their DHCP server to assign a new / different public IP address to your connection.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: Firewall log entries

How do you request a new ip address assignment if you have a comcast combination modem/router (in my case, a Cisco DPC3941T). I see no way to change the MAC (and haven't seen a firmware update in a while).

 

Thanks,

T

Expert

Re: Firewall log entries


@tomg555 wrote:

How do you request a new ip address assignment if you have a comcast combination modem/router (in my case, a Cisco DPC3941T). I see no way to change the MAC (and haven't seen a firmware update in a while).

 

Thanks,

T


The only way to do it with that device is to put it in to bridge mode and to use a separate router with it. The system will see the new MAC addy of the router and force a change of IP address. IP addresses have nothing to do with firmware updates.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: Firewall log entries

Thanks for the response. My comment on there being few  firmare upgrades was mentioned in passing.

How likely am I going to be able to change over to bridge mode and back without a problem? I also have phone service through this modem. I already have a secondary router configured behind the 3941T.

 

Thanks again,

T

 

Expert

Re: Firewall log entries

You should have no problem toggling between those modes. Phone service will not be affected in any way. After being placed into bridge mode, power cycle the 3941, let it fully come back up, then power cycle the stand-alone router.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: Firewall log entries

Thank you for the advice.

 

One minor question... when I am bridge mode, and a public address is assigned to my secondary (now only) router, how would I log into the 3941T admin page to change back? Can you access 10.0.0.1 from one of the other ports?

 

Thanks

T

Expert

Re: Firewall log entries

10.0.0.1 will no longer work in bridge mode as the device is no longer acting as a router. 192.168.100.1 may work for viewing only the cable modem component's RF signal status. You may be able to use the online site and / or the Xfi app for access. One sure way to bring it out of bridge mode is to reset it back to factory defaults by using the reset button on the rear.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: Firewall log entries

Thank yo...

 

ok - so the bridge process is reversible through a factory reset. I presume that this will reset wifi passcodes and any other user setting (e.g. firewall, port forwards, etc.) You did say that the phone interface is reversible. Is this true if you do a factory reset.

 

  Sorry to be painful about this, but I just don't have the time, these days, for a big safari to get back to what I had before if things don't work out.

 

T

Expert

Re: Firewall log entries

Yes. Everything goes back to default values and needs to be re-configured from scratch. The phone service is not affected, only for the time that the device is booting up.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!