Topic: Emergency PLEASE HELP  (Read 2744 times)
« on: March 18, 2009, 23:37:22 »
djanie78 *
Posts: 6

I got a rule that should block all ports from WAN destined for my network on port 22 and 23. Does that not mean I should not see any SSH and telnet login attempts to my network (server)?

Am seeing SSH attempts being made to my server which is obviously on my network from external sources though I got this rule in place.

Am I doing anything wrong? Please help. Thanks
« Reply #1 on: March 19, 2009, 01:07:49 »
knightmb ****
Posts: 341

Are you seeing attempts in the m0n0wall firewall logs or your SSH server logs?

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #2 on: March 19, 2009, 08:05:46 »
djanie78 *
Posts: 6

> Are you seeing attempts in the m0n0wall firewall logs or your SSH server logs?

Am seeing attempts on the SSH logs. The monowall logs show the same external IPs blocked on different ports.
« Reply #3 on: March 19, 2009, 10:39:16 »
markb ****
Posts: 331

If you could post your nat and rules portion of your config.xml this would help us spot any problems.
« Reply #4 on: March 19, 2009, 15:31:33 »
Fred Grayson *****
Posts: 994

Inbound traffic across interfaces is blocked unless specifically allowed, so you don't need any rules to block this. However, if you do add rules and they are misconfigured, then anything is possible.

But without having any information beyond that it does not work properly, not much help can be provided.

--
Google is your friend and Bob's your uncle.
« Reply #5 on: March 19, 2009, 16:43:23 »
knightmb ****
Posts: 341

> > Are you seeing attempts in the m0n0wall firewall logs or your SSH server logs?
>
> Am seeing attempts on the SSH logs. The monowall logs show the same external IPs blocked on different ports.

You need some help then, someone outside your network on the WAN to poll your SSH server while you adjust the rules to make sure you have them set up right.

By default, no one should be able to get in because m0n0wall blocks everything inbound by default. Is it possible there is another gateway on your network that leads to the outside?

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #6 on: March 19, 2009, 17:14:21 »
djanie78 *
Posts: 6

Reason I got a rule to block that kind of traffic is because it was actually allowed to pass through as I need SSH access to the server from the WAN, then I noticed strange names trying to log in as well so I blocked it.

What I have done now is remove the rule altogether. I should not be seeing any SSH traffic from WAN on my network at all now if all is well. Now we wait.
« Reply #7 on: March 20, 2009, 05:05:03 »
knightmb ****
Posts: 341

> Reason I got a rule to block that kind of traffic is because it was actually allowed to pass through as I need SSH access to the server from the WAN, then I noticed strange names trying to log in as well so I blocked it.
>
> What I have done now is remove the rule altogether. I should not be seeing any SSH traffic from WAN on my network at all now if all is well. Now we wait.

Oh, that's just automated programs doing a brute force attack. I see that all the time in my logs, always using lame names like "Administrator" or "root" for an SSH login when they are all usually disabled by default.

If you open up the WAN to your SSH, that's bound to happen. My FTP gets megabytes of junk logs from bot networks with zombies trying to log in and guess the password. There are programs out there to ban logins after so many failed attempts if you are really that worried about your security.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
 