what ports are exposed on wan side

Report wireless and/or network connectivity problems in this forum.

Moderator: Moderators

Post Reply
coits
Posts: 106
Joined: Thu Sep 19, 2013 1:58 am
Location: canada

what ports are exposed on wan side

Post by coits »

Hi guys,

Just want to confirm with you guys, are these ports normally exposed on the wan side (external ip) of your router?

just want to ask, what port are exposed on your router?

PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open https

Thanks
Gargoyle 1.9.x on Buffalo WZR-HP-AG300H
Gargoyle 1.10.x on TP-Link Archer C7 v2.0
Gargoyle 1.11.x on WRT3200 acm

RomanHK
Posts: 619
Joined: Sat May 04, 2013 4:18 pm
Location: Czech Republik

Re: what ports are exposed on wan side

Post by RomanHK »

By default, no port is open from the WAN (only the PING (ICMP) port is allowed) - other settings in the firewall do not allow this.

Information from the WAN side can be confused because by default it responds to all ports by the "REJECT" command following the RFC standard.

The big guess is about setting up REJECT or DROP - the OpenWrt community (Gargoyle) strictly adheres to RFC standards and is therefore selected by default in the REJECT firewall.
Turris Omnia with Gargoyle 1.12.0
Linksys WRT3200ACM with Gargoyle 1.12.0
TL-WR1043ND v2 with Gargoyle 1.10.0

coits
Posts: 106
Joined: Thu Sep 19, 2013 1:58 am
Location: canada

Re: what ports are exposed on wan side

Post by coits »

I have tried to add this rule on my firewall and restart it.

But, when I run nmap <wan ip> still showing port 22 as open.

Can someone please advise what am I missing here?

config rule
option name 'block ssh wan port'
option src 'wan'
option proto 'tcp'
option dest_port '22'
option target 'DROP'

-------------------------------
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open https
-------------------------------

Thanks
Gargoyle 1.9.x on Buffalo WZR-HP-AG300H
Gargoyle 1.10.x on TP-Link Archer C7 v2.0
Gargoyle 1.11.x on WRT3200 acm

RomanHK
Posts: 619
Joined: Sat May 04, 2013 4:18 pm
Location: Czech Republik

Re: what ports are exposed on wan side

Post by RomanHK »

It seems to me that nmap is a program and you run it from the LAN. If you run a program to test the WAN IP address, the result will always be biased because NAT Loopback is performed. The test must always be performed from the outside.

Try it through these pages (sorry, they are only in Czech): http://test.bezpecnosti.cz/

The result must be yellow or best green. But if the result is red, something is wrong.

Or something similar here (already English): https://www.yougetsignal.com/tools/open-ports/ or https://www.ipfingerprints.com/portscan.php
Turris Omnia with Gargoyle 1.12.0
Linksys WRT3200ACM with Gargoyle 1.12.0
TL-WR1043ND v2 with Gargoyle 1.10.0

coits
Posts: 106
Joined: Thu Sep 19, 2013 1:58 am
Location: canada

Re: what ports are exposed on wan side

Post by coits »

Hi RomanHK,

I used this link below and all ports are closed based on the results.

https://www.yougetsignal.com/tools/open-ports/

Thanks for the link and the quick response.
Gargoyle 1.9.x on Buffalo WZR-HP-AG300H
Gargoyle 1.10.x on TP-Link Archer C7 v2.0
Gargoyle 1.11.x on WRT3200 acm

Lantis
Moderator
Posts: 5588
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: what ports are exposed on wan side

Post by Lantis »

By default, they are all closed.
I've tested a fresh install of Gargoyle and confirm this is the case.

If they're open, you likely have services or settings opening them.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

Post Reply