Hi,
I have scanned the WAN ports of the router with http://nmap-online.com and the result was that ports 53 (DNS) and 80 (HTTP) are open in the router with oleg-firmware installed.
I have set up the router with the how-to from wengi and with the vsftp (only LAN) and vpn how-tos.
My /usr/local/sbin/post-firewall is:
#!/bin/sh
# this opens the ssh port to internet! Be sure to have strong passwords!
iptables -I INPUT -m tcp -p tcp --dport 24912 -j ACCEPT
#OpenVPN access from WAN
iptables -D INPUT -j DROP
iptables -A INPUT -p udp --dport 1234 -j ACCEPT
iptables -t nat -A PREROUTING -i vlan1 -p udp --dport 1234 -j DNAT --to-destination $4:1234
iptables -A INPUT -j DROP
iptables -D INPUT -j DROP
# Allow TUN interface connections to OpenVPN server
iptables -A INPUT -i tun+ -j ACCEPT
# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -j DROP
Please, can someone say why these two ports are open?
I think 53 is for DNS and 80 is HTTP (web server). But do I need these ports open? I have no web server running on the WAN interface. Can I somehow close these ports?
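The INPUT-chain effect of the post-firewall script above, replayed as an added example (not part of the original post or of the firmware). The starting chain and the LAN interface name `br0` are assumptions; with that baseline, the script itself accepts only 24912/tcp and 1234/udp from `vlan1`, and new connections to ports 53 and 80 reach the final DROP.

```python
import shlex

# iptables commands from the post-firewall script posted above (comments dropped).
SCRIPT = """\
iptables -I INPUT -m tcp -p tcp --dport 24912 -j ACCEPT
iptables -D INPUT -j DROP
iptables -A INPUT -p udp --dport 1234 -j ACCEPT
iptables -t nat -A PREROUTING -i vlan1 -p udp --dport 1234 -j DNAT --to-destination $4:1234
iptables -A INPUT -j DROP
iptables -D INPUT -j DROP
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -j DROP
"""
# Constructed baseline INPUT chain: an assumption, not the firmware's real rules.
BASELINE = ["-m state --state RELATED,ESTABLISHED -j ACCEPT", "-i br0 -j ACCEPT", "-j DROP"]

def build_input_chain(baseline=BASELINE, script=SCRIPT):
    """Replay the script's -I/-A/-D operations on the filter table's INPUT chain."""
    chain = [shlex.split(rule) for rule in baseline]
    for line in script.splitlines():
        args = shlex.split(line)[1:]              # drop the leading "iptables"
        if len(args) < 3 or args[0] == "-t" or args[1] != "INPUT":
            continue                              # nat table and FORWARD are out of scope
        op, spec = args[0], args[2:]
        if op == "-D" and spec in chain:
            chain.remove(spec)                    # -D removes the first matching rule
        elif op in ("-A", "-I"):                  # -I (no index) goes on top, -A at the end
            chain.insert(0 if op == "-I" else len(chain), spec)
    return chain

def verdict(chain, iface, proto, dport):
    """First-match target for a NEW packet; every option in these rules takes one value."""
    for spec in chain:
        opts = dict(zip(spec[::2], spec[1::2]))
        pat = opts.get("-i", "+")                 # no -i means any interface
        if_ok = iface.startswith(pat[:-1]) if pat.endswith("+") else iface == pat
        state_ok = "NEW" in opts.get("--state", "NEW").split(",")
        if (if_ok and state_ok and opts.get("-p", proto) == proto
                and opts.get("--dport", str(dport)) == str(dport)):
            return opts["-j"]
    return "POLICY"                               # fell off the end of the chain

def wan_exposure(wan_if="vlan1"):
    chain = build_input_chain()
    probes = [("tcp", 53), ("udp", 53), ("tcp", 80), ("tcp", 24912), ("udp", 1234)]
    return {f"{port}/{proto}": verdict(chain, wan_if, proto, port) for proto, port in probes}

if __name__ == "__main__":
    print(wan_exposure())
```

To check a real router, replace `BASELINE` with the rules the firmware installs before post-firewall runs, written without the leading `-A INPUT`.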
please, has nobody an idea why these WAN-ports are open?
Which ports on the WAN interface are open in the original firmware?
Please, someone should know this or you can easily check on your device...
I would appreciate every answer.
If you close them, are you still able to browse the internet?
If not, then you have your answer to why they are open.
I don't know if it's by design or not.
Hi,
The ports are for DNS and http, as you wrote above.
If you do NOT use a DNS or HTTP Server for WAN you should close these ports.
This is done with iptables. Do a forum search with "iptables open/close port".
I do not know if this is default in oleg fw (it should not!), because I use my asus as a client in the LAN and not as a router to connect to the internet.
wengi
That's interesting, I ran a scan from there as well (first 5000 ports), and it also says:
[...]
Not shown: 4998 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
[...]
Which is kind of weird because
a. I don't have those ports forwarded
b. The GRC.com Shields Up test claims "stealth" for all the ports I scanned.
Thanks for your answers.
I have now scanned the router from the WAN with a port scanner on my laptop, which I connected to the internet from somewhere else. The result was that ports 53 and 80 are closed.
So it looks as if the nmap online service maybe sees the 2 ports open because I am accessing the nmap website at the moment when they scan.
But I am not an expert for networks and ports.
So is my conclusion reasonable?
Edit: Maybe I will check whether the result with ports 53 and 80 open would be the same when I use a standard router instead of the asus.
Edit:
Now the quick scan with http://nmap-online.com and my DLink DI-524 Router results in:
All 100 scanned ports on [...].kabel-badenwuerttemberg.de (....) are filtered
Nmap done: 1 IP address (1 host up) scanned in 13.68 seconds
So with that router ports 53 and 80 are not open. That means my Asus with oleg's firmware has something open to the WAN which does not have to be open, right?
Last edited by Beowulf; 08-11-2008 at 12:56.
It's getting weirder here - or at least I don't understand something correctly. Namely, I ran another two scans on a smaller sample of ports today (the one from yesterday was the default range 1-5000) which both included 53 and 80 in the range. Both times it reported that all ports were filtered.
Also, I ran a few scans that included ports that _are_ forwarded on my side - and it reported all ports filtered as well.
I'll try it again at a later time "when the traffic calms down a bit".