Hi guys,
Just want to confirm with you guys, are these ports normally exposed on the wan side (external ip) of your router?
just want to ask, what port are exposed on your router?
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open https
Thanks
what ports are exposed on wan side
Moderator: Moderators
what ports are exposed on wan side
Gargoyle 1.9.x on Buffalo WZR-HP-AG300H
Gargoyle 1.10.x on TP-Link Archer C7 v2.0
Gargoyle 1.11.x on WRT3200 acm
Gargoyle 1.10.x on TP-Link Archer C7 v2.0
Gargoyle 1.11.x on WRT3200 acm
Re: what ports are exposed on wan side
By default, no port is open from the WAN (only the PING (ICMP) port is allowed) - other settings in the firewall do not allow this.
Information from the WAN side can be confused because by default it responds to all ports by the "REJECT" command following the RFC standard.
The big guess is about setting up REJECT or DROP - the OpenWrt community (Gargoyle) strictly adheres to RFC standards and is therefore selected by default in the REJECT firewall.
Information from the WAN side can be confused because by default it responds to all ports by the "REJECT" command following the RFC standard.
The big guess is about setting up REJECT or DROP - the OpenWrt community (Gargoyle) strictly adheres to RFC standards and is therefore selected by default in the REJECT firewall.
Turris Omnia with OpenWrt 21.02 - Tested
Linksys WRT3200ACM with Gargoyle 1.13.x
TL-WR1043ND v2 with Gargoyle 1.10.0
http://gargoyle.romanhk.cz custom builds by gargoyle users
Linksys WRT3200ACM with Gargoyle 1.13.x
TL-WR1043ND v2 with Gargoyle 1.10.0
http://gargoyle.romanhk.cz custom builds by gargoyle users
Re: what ports are exposed on wan side
I have tried to add this rule on my firewall and restart it.
But, when I run nmap <wan ip> still showing port 22 as open.
Can someone please advise what am I missing here?
config rule
option name 'block ssh wan port'
option src 'wan'
option proto 'tcp'
option dest_port '22'
option target 'DROP'
-------------------------------
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open https
-------------------------------
Thanks
But, when I run nmap <wan ip> still showing port 22 as open.
Can someone please advise what am I missing here?
config rule
option name 'block ssh wan port'
option src 'wan'
option proto 'tcp'
option dest_port '22'
option target 'DROP'
-------------------------------
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open https
-------------------------------
Thanks
Gargoyle 1.9.x on Buffalo WZR-HP-AG300H
Gargoyle 1.10.x on TP-Link Archer C7 v2.0
Gargoyle 1.11.x on WRT3200 acm
Gargoyle 1.10.x on TP-Link Archer C7 v2.0
Gargoyle 1.11.x on WRT3200 acm
Re: what ports are exposed on wan side
It seems to me that nmap is a program and you run it from the LAN. If you run a program to test the WAN IP address, the result will always be biased because NAT Loopback is performed. The test must always be performed from the outside.
Try it through these pages (sorry, they are only in Czech): http://test.bezpecnosti.cz/
The result must be yellow or best green. But if the result is red, something is wrong.
Or something similar here (already English): https://www.yougetsignal.com/tools/open-ports/ or https://www.ipfingerprints.com/portscan.php
Try it through these pages (sorry, they are only in Czech): http://test.bezpecnosti.cz/
The result must be yellow or best green. But if the result is red, something is wrong.
Or something similar here (already English): https://www.yougetsignal.com/tools/open-ports/ or https://www.ipfingerprints.com/portscan.php
Turris Omnia with OpenWrt 21.02 - Tested
Linksys WRT3200ACM with Gargoyle 1.13.x
TL-WR1043ND v2 with Gargoyle 1.10.0
http://gargoyle.romanhk.cz custom builds by gargoyle users
Linksys WRT3200ACM with Gargoyle 1.13.x
TL-WR1043ND v2 with Gargoyle 1.10.0
http://gargoyle.romanhk.cz custom builds by gargoyle users
Re: what ports are exposed on wan side
Hi RomanHK,
I used this link below and all ports are closed based on the results.
https://www.yougetsignal.com/tools/open-ports/
Thanks for the link and the quick response.
I used this link below and all ports are closed based on the results.
https://www.yougetsignal.com/tools/open-ports/
Thanks for the link and the quick response.
Gargoyle 1.9.x on Buffalo WZR-HP-AG300H
Gargoyle 1.10.x on TP-Link Archer C7 v2.0
Gargoyle 1.11.x on WRT3200 acm
Gargoyle 1.10.x on TP-Link Archer C7 v2.0
Gargoyle 1.11.x on WRT3200 acm
Re: what ports are exposed on wan side
By default, they are all closed.
I've tested a fresh install of Gargoyle and confirm this is the case.
If they're open, you likely have services or settings opening them.
I've tested a fresh install of Gargoyle and confirm this is the case.
If they're open, you likely have services or settings opening them.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.