
Thread: Firewall opened by default in the latest firmware ?

  1. #1
    Join Date
    Apr 2009
    Location
    Sofia,Bulgaria
    Posts
    29

    Firewall opened by default in the latest firmware ?

    Hi, I just installed the latest firmware I found. Router is wl500gp.
    Linux version 2.6.22.19 (root@localhost) (gcc version 4.5.3 (GCC) ) - 1.9.2.7-rtn-r4051.
    Through the web I enabled SSH and stopped all FTP, telnet, upnp. To test the firewall I tried to log in through WAN to the ssh and it was successful. I scanned the ports with a simple scanner and it shows port 22 as open. This is strange since I did not enable ssh from outside. I just created the files in /usr/local/sbin, but all files are empty.

    Can you help me to understand why the firewall is allowing ssh and showing the port as open? To my understanding it should be closed from WAN.
    These are the firewall settings as seen in "Status & Log - Diagnostic Information" from the web. I have not changed anything, so they should be the defaults:
    Code:
    IP Tables
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        9   360 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID 
      547 49666 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           ctstate NEW 
      320 28917 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0           ctstate NEW 
        0     0 ACCEPT     2    --  *      *       0.0.0.0/0            224.0.0.0/4         
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.0/4         udp dpt:!1900 
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68 
        3   156 BRUTE      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 
      454 47038 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT 249 packets, 17722 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0           
        7   280 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID 
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.0/4         
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
        0     0 DROP       all  --  !br0   vlan1   0.0.0.0/0            0.0.0.0/0           
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate DNAT 
        0     0 DROP       all  --  *      br0     0.0.0.0/0            0.0.0.0/0           
    
    Chain OUTPUT (policy ACCEPT 937 packets, 696K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain BRUTE (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           recent: UPDATE seconds: 600 hit_count: 5 name: BRUTE side: source 
        3   156 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           recent: SET name: BRUTE side: source 
    
    Chain MACS (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain SECURITY (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limit: avg 1/sec burst 5 
        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04 limit: avg 1/sec burst 5 
        0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 5/sec burst 5 
        0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 5/sec burst 5 
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain UPNP (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain logaccept (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate NEW LOG flags 39 level 4 prefix `ACCEPT ' 
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain logdrop (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate NEW LOG flags 39 level 4 prefix `DROP ' 
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    --------------------------------------------------------------------------------
    IP Tables NAT
    Chain PREROUTING (policy ACCEPT 719 packets, 73857 bytes)
     pkts bytes target     prot opt in     out     source               destination         
      206 25457 VSERVER    all  --  *      *       0.0.0.0/0            192.168.11.2        
    
    Chain POSTROUTING (policy ACCEPT 22 packets, 1479 bytes)
     pkts bytes target     prot opt in     out     source               destination         
      129  8682 MASQUERADE  all  --  *      vlan1  !192.168.11.2         0.0.0.0/0           
        0     0 MASQUERADE  all  --  *      br0     192.168.10.0/24      192.168.10.0/24     
    
    Chain OUTPUT (policy ACCEPT 22 packets, 1479 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain UPNP (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain VSERVER (1 references)
     pkts bytes target     prot opt in     out     source               destination

  2. #2
    Originally Posted by zerg
    Hi I just installed the latest firmware I found. Router is wl500gp.
    Linux version 2.6.22.19 (root@localhost) (gcc version 4.5.3 (GCC) ) - 1.9.2.7-rtn-r4051.
    Through the web I enabled SSH ...
    If you want the SSH daemon to be available only on your local network, select 'Yes, LAN Only' instead of 'Yes'.
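
The listing in post #1 already shows why port 22 answers from the WAN: the jump to BRUTE in INPUT matches `tcp dpt:22` on any input interface (`in *`), and BRUTE accepts the connection unless the `recent` rate limit has been hit. As an added example (not part of either post and not the firmware's own code), this Python sketch walks the INPUT chain of such a listing in rule order for a first TCP SYN and reports where the verdict comes from. Treating `vlan1` as the WAN interface is an assumption based on the MASQUERADE rule, and the matcher only understands the match types that appear in this listing.

```python
import re

# Excerpt of the INPUT and BRUTE chains from the listing in post #1 (rule order
# kept, whitespace condensed; INVALID, lo, multicast and DHCP rules omitted).
LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
547 49666 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
320 28917 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
3 156 BRUTE tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x17/0x02
454 47038 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain BRUTE (1 references)
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 600 hit_count: 5 name: BRUTE side: source
3 156 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: BRUTE side: source
"""

def parse(listing):
    """Map chain name -> ordered rules from `iptables -L -v -n` style text."""
    chains, cur = {}, None
    for line in listing.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            cur = chains.setdefault(f[1], [])
        elif len(f) >= 9 and f[0][0].isdigit():
            cur.append({"target": f[2], "prot": f[3], "in": f[5], "extra": " ".join(f[9:])})
    return chains

def matches(rule, iface, port):
    """Would the first TCP SYN to `port` arriving on `iface` match this rule?"""
    i, x = rule["in"], rule["extra"]
    iface_ok = i in ("*", iface) or (i[0] == "!" and i[1:] != iface)
    state = re.search(r"ctstate (\S+)", x)
    dpt = re.search(r"dpt:(\d+)", x)
    return (iface_ok and rule["prot"] in ("all", "tcp")
            and (not state or "NEW" in state.group(1).split(","))
            and (not dpt or int(dpt.group(1)) == port)
            # Simplification: the `recent: UPDATE ... hit_count` rule fires only
            # after repeated hits, so a source's first SYN does not match it.
            and "recent: UPDATE" not in x)

def verdict(chains, chain, iface, port, path=()):
    """Return (ACCEPT|DROP, chains traversed), or None if no rule decides."""
    path += (chain,)
    for rule in (r for r in chains[chain] if matches(r, iface, port)):
        t = rule["target"]
        if t in ("ACCEPT", "DROP"):
            return t, path
        sub = verdict(chains, t, iface, port, path) if t in chains else None
        if sub:
            return sub
    return None
```

Calling `verdict(parse(LISTING), "INPUT", "vlan1", 22)` ends in ACCEPT via INPUT and then BRUTE, while the same probe to port 23 falls through to the final DROP in INPUT.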
