Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Solved Why am I getting failed connections from china?

Featured Replies

I happen to look in the unraid log. I found that someone from china is trying to telnet into my server?

 

image.png.69a3f5cca192065424dd2f1853e49f38.png

Edited by scubieman

why? because every standard port gets every some seconds scanned. thats normal.

 

Thats how worms and such spread.

 

Thats also why you shouldnt face your unraid to the outside (at very least not with standard ports). unraid is not hardend to be reachable from the internet. Its intented for LAN.

 

Security might be added at some point tho.

Edited by nuhll

  • Author

Thank you for quick respond. It appears i need to block telnet ports? 22, 23 ETC? 

 

As of now it should be locked down. I only have 1 port forwarded(plex). I have not set anything else through unraid to internet.

normally you dont need to block anything, i guess your unraid machine is behind a router? this should stop anyting from reaching any pcs in your LAN, EXEPT you forward these ports to machines... 

  • Author

I appericate the help. Yes my unraid is behind a edgerouter x. So i hope that is enough of advanced to save me.

But ure getting connections.. so this mus tbe forwarded to your unraid machine... 

  • Author
5 minutes ago, nuhll said:

But ure getting connections.. so this mus tbe forwarded to your unraid machine... 

True,

 I killed all connections to unraid. Now even the apps tab doesnt work ha. I'm ok with that for now. 

1 minute ago, scubieman said:

True,

 I killed all connections to unraid. Now even the apps tab doesnt work ha. I'm ok with that for now. 

So you removed that port forwarding in your router? Just to be sure.

  • Author
Just now, nuhll said:

So you removed that port forwarding in your router? Just to be sure.

That was port 32400 used by plex. I set it so all traffic using that ip address will not leave my network.

 

Short term solution. Trying to set up pfsense thinking of switching to that.

 

However my dockers seem to reach the internet still. Not sure why or how

Outgoing connections are normally allowed, and responses to those are allowed. Just think of web browsing, for example. What isn't allowed normally are unsolicited incoming connections.

  • Author
1 minute ago, trurl said:

Outgoing connections are normally allowed, and responses to those are allowed. Just think of web browsing, for example. What isn't allowed normally are unsolicited incoming connections.

just like nuhll said. It should be blocked at the router before reaching the server right?

2 minutes ago, scubieman said:

just like nuhll said. It should be blocked at the router before reaching the server right?

Yes unless you have opened some ports.

  • Author

When I check ismyportopen.com I show all ports in the log are showing as closed. so not sure.

Are you still getting telnet attempts?

  • Author
1 hour ago, trurl said:

Are you still getting telnet attempts?

I sure am! last one was like ten seconds ago. 

 

Right now its 17:16 for time

image.png.fc0842a86defab34168ed9e0a9db7659.png

Such requests should not be reaching your server if it is behind a router!   You have not by any chance put the server into a DMZ zone on the router (as that means your are bypassing the routers protection against incoming connections from the internet)’/

1 hour ago, scubieman said:

I sure am! last one was like ten seconds ago. 

 

Right now its 17:16 for time

image.png.fc0842a86defab34168ed9e0a9db7659.png

You are also getting ssh connection attempts.  This usually only happens if you have open ports or have your server in the DMZ.

 

Go to this site and click the Proceed button after doing a little reading.  Then run the Common Ports and All Service Ports scans to see what is reported regarding port security.

 

You want to see results like the following:

 

 

Ports.PNG

  • Author
Such requests should not be reaching your server if it is behind a router!   You have not by any chance put the server into a DMZ zone on the router (as that means your are bypassing the routers protection against incoming connections from the internet)’/
I agree 100% . However I didn't change anything from my router after I set up unraid. Only thing is one port forwarding for Plex. I have no idea how to stop this. I guess it should be set by default to block all incoming. I may need to reach out to manfactor. Thinking switching to pfsense but at first glance it scares me lol

Sent from my Pixel 2 XL using Tapatalk

  • Author

I ran it.

I ran the 2 test you recommended and both came back success.

 

image.png.6ba69493669d7e4b1d9b2b8575ecb3ab.png

8 minutes ago, Hoopster said:
You are also getting ssh connection attempts.  This usually only happens if you have open ports or have your server in the DMZ.
 
Go to this site and click the Proceed button after doing a little reading.  Then run the Common Ports and All Service Ports scans to see what is reported regarding port security.
 
You want to see results like the following:
 
 
Ports.thumb.PNG.0c1cee519ca940959b80c08eddabdb11.PNG

 


Sent from my Pixel 2 XL using Tapatalk
 

 

Edited by scubieman

4 hours ago, scubieman said:

my unraid is behind a edgerouter x

My router is the Ubiquiti USG. I imagine the EdgeRouter X is very similar in its security functions. 

 

If you only have the Plex port forwarded, perhaps something changed in your router configuration that resulted in it being exposed to the Internet somehow?

 

I have the Plex port as well as OpenVPN port forwarded on the USG, but, nothing else and I have never seen the telnet and ssh connection attempts you are seeing. Shields Up reports all my router ports are in stealth mode and refuse to acknowledge any connection attempts.

  • Author
4 minutes ago, Hoopster said:

My router is the Ubiquiti USG. I imagine the EdgeRouter X is very similar in its security functions. 

 

If you only have the Plex port forwarded, perhaps something changed in your router configuration that resulted in it being exposed to the Internet somehow?

 

I have the Plex port as well as OpenVPN port forwarded on the USG, but, nothing else and I have never seen the telnet and ssh connection attempts you are seeing. Shields Up reports all my router ports are in stealth mode and refuse to acknowledge any connection attempts.

 

I have openvpn installed on my ERX but its disabled as of now. I dont even have openVPN port forwarded. Only thing is plex.

 

Maybe i should change plex IP then port forward to that for whatever reason

 

 

Adding one more thing that is interesting....

image.thumb.png.ec81d9f9cd259cb9174ff48ea21d11f3.png

image.thumb.png.06ae1d8ff772f300bf1fe3870ee0aa6c.png

Edited by scubieman

18 minutes ago, scubieman said:

I ran it.

I ran the 2 test you recommended and both came back success.

 

image.png.6ba69493669d7e4b1d9b2b8575ecb3ab.png

 


Sent from my Pixel 2 XL using Tapatalk
 

 

You ran the UPnP probe.  Did you also run the Port scans (highlighted in red)?  The results should look like what I originally posted.

 

 

Port Scan.PNG

  • Author

Sure did and came back passed.

Sent from my Pixel 2 XL using Tapatalk

6 minutes ago, scubieman said:

Sure did and came back passed.

Sent from my Pixel 2 XL using Tapatalk
 

OK, just making sure.  If your router passed the port scans it is very strange that you are getting ssh and telnet connection attempts.  Somehow, your server is exposed.

  • Author

Trying to use a wan_in rule to block all ports till i can hear from manf. I show lots being blocked!

 

image.thumb.png.19011adf0e01a5b308f1fa5c1acec700.png

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.