I have a HH3 with firewall enabled and UPnP switched off.
The HH3 sits in front a machine running TMG with external NIC static at 192.168.1.1, the HH has 192.168.1.254 on the south side.
My understanding is that with no PnP enabled and no port forwarding configured nothing should get through the HH3 from the outside world but I keep getting unsolicited connection attempts being logged on my TMG firewall for example:
Denied Connection VM3 04/05/2014 18:08:02 Log type: Firewall service Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer. Rule: None - see Result Code Source: External (ip28.hichina.com 220.127.116.11:443) Destination: Local Host (192.168.1.1:10698) Protocol: Unidentified IP Traffic (TCP:10698) Additional information Number of bytes sent: 0 Number of bytes received: 0 Processing time: 0ms Original Client IP: 18.104.22.168
It makes me highly suspicious of the efficacy of the HH firewall, especially as the source address is from China Beijing Hichina Web Solutions (beijing) Limited
Oh dear BT, what a shambles! (and a word of warning to HH3 users)
I have recently discovered that the Home Hub 3 firewall leaks like a sieve. It pasess hundreds of unsolicited connections from the internet through to my home network, the vast majority of these emanate from China. Curiously, where is the HH3 made? - yes China!
I spent the usual thankless hours on the phone and on chat to assorted 12 year olds who didnt know what a firewall actually was before being directed to something called "TechExperts" who apparently charge you £10/month for sorting out problems inherent in BT products.
In despair I called sales and actually got to speak to an reasonably intelligent human who told me that nothing could be done unless I signed up for another 12 months and if I did they would send me a new HH5.
Now, on the whole I'm perfectly happy with my BT service as long as I don't have to go anywhere Tech/Customer 'support' but really, is this anyway to run a business BT?
But anyway a warning to anyone using HH3 - do not trust the firewall, it doesn't work , take you own precautions and install your own firewall south of the HH router.