SR516ac
Hi Folks,
I have a Smart SR516ac modem-router, software version: 2.6.2.7. When I nmap my public IP there are some ports open besides the ones I manually open.
Code:
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
Nmap done: 1 IP address (1 host up) scanned in 1.58 seconds
I read the manual but I can't find how to close these ports. Also I contacted the ISP provider technician and they said that issue is beyond their support.
There are some settings in Management/Access Control/Services that are disabled for the WAN (which is OK) and enabled and greyed out for the LAN (also OK). I cannot find any other settings. Nevertheless the ports are still open and I have no control over them. I am thinking maybe some of you have this model and can share the experience.
If you are running a scan from inside your LAN then even though you're using your public IP address it may not be actually looping back. Try testing from outside your LAN or using grc.com via shields up.
Quote:
Originally Posted by michaelk
If you are running a scan from inside your LAN then even though you're using your public IP address it may not be actually looping back. Try testing from outside your LAN or using grc.com via shields up.
Thank you michaelk, I was testing from outside too and got the same results. In fact the question was for those who are familiar with this model and know where the settings are for closing listening ports.
I understand but with no replies thought I would pop in with a suggestion. If I believe the attached screenshot all services on the unit are disabled from the WAN side. So theoretically they should not be detected from the outside. The only information I found related to your model was maybe port forwarding is called port triggering. Are you forwarding anything?
Ports 139 and 445 are used by Windows SMB/CIFS (aka samba). Many ISPs block SMB/CIFS traffic by default nowadays.
Is the router configured for sharing?
The outside ssh port is 2222 but since nmap only automatically scans for the first 1000 or so it isn't going to be shown in the list nor is it enabled but 22 is shown. Do you have port forwarding configured for 22? Have you tried logging in to see what happens?
Port 53 is DNS and while it typically is open on the LAN side it should not be on the WAN. It isn't something you would necessarily forward either.
tftp is UDP based but would assume the nmap command ran only checked TCP.
Quote:
Originally Posted by michaelk
I understand but with no replies thought I would pop in with a suggestion. If I believe the attached screenshot all services on the unit are disabled from the WAN side. So theoretically they should not be detected from the outside. The only information I found related to your model was maybe port forwarding is called port triggering. Are you forwarding anything?
Yes, as per screenshot it looks like the WAN side ports are disabled. Here's where newbies like me get confused.
Yes, port triggering or even "virtual servers".
Yes, I am only forwarding p:22.
Quote:
Ports 139 and 445 are used by Windows SMB/CIFS (aka samba). Many ISPs block SMB/CIFS traffic by default nowadays.
Is the router configured for sharing?
I do not know, AFAIK I don't think so.
Quote:
The outside ssh port is 2222 but since nmap only automatically scans for the first 1000 or so it isn't going to be shown in the list nor is it enabled but 22 is shown. Do you have port forwarding configured for 22? Have you tried logging in to see what happens?
I can ssh, if this is what you've asked me.
Quote:
Port 53 is DNS and while it typically is open on the LAN side it should not be on the WAN. It isn't something you would necessarily forward either.
tftp is UDP based but would assume the nmap command ran only checked TCP.
When you log in via ssh you're connecting to your server and not the router?
I believe your router has a USB port? I am guessing if you do not know if it is configured then nothing is connected.
If you try to access the router via a web browser from outside the LAN what happens?
Quote:
Originally Posted by michaelk
When you log in via ssh you're connecting to your server and not the router?
yes
Quote:
I believe your router has a USB port?
yes
Quote:
I am guessing if you do not know if it is configured then nothing is connected.
on those open ports it looks like it connects to the router. From there only ssh is forwarded to my ssh server. These (open) ports, I believe, the ISP left them open on the WAN side (the thing is I do not see where in the router's settings are these open ports) of the router for 'troubleshooting'.
Quote:
If you try to access the router via a web browser from outside the LAN what happens?
I get the login prompt but when I enter my credentials (the ones I use for local access) it fails.
I am guessing if you do not know if it is configured then nothing is connected.
Sorry for the confusion I was asking about USB ports.
I would expect the page posted in your 1st post to be the setting and not enabled would not be accessible from the outside. It is a bit strange. Just out of curiosity have you tried connecting using ftp or telnet to see what happens?
Quote:
Originally Posted by michaelk
Sorry for the confusion I was asking about USB ports.
I would expect the page posted in your 1st post to be the setting and not enabled would not be accessible from the outside. It is a bit strange. Just out of curiosity have you tried connecting using ftp or telnet to see what happens?
It is strange and confusing enough; if it were not, I would not have been asking for help.
Yes, I connected to ftp and telnet and got into the router. From there I am not familiar with router commands but I remember I can get modelname, swversion etc.
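Added example (not part of the thread and not any poster's code): a small audit that parses the nmap output posted above and separates services the owner did not intend to expose from intended forwards the scan never reported, such as a port outside nmap's default range. The `INTENDED` set and the wording in `NOTES` are assumptions drawn from the discussion.

```python
import re
# Scan output as posted in the thread (nmap normal output format).
SCAN = """\
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
"""
# Assumption: port 22 is the only forward the owner set up (per the thread).
INTENDED = {(22, "tcp")}
# Why each service matters when it answers on the WAN side.
NOTES = {
    "telnet": "cleartext remote management",
    "ftp": "cleartext credentials and file access",
    "domain": "DNS should normally answer on the LAN side only",
    "netbios-ssn": "SMB/CIFS file sharing",
    "microsoft-ds": "SMB/CIFS file sharing",
    "http": "router web administration login",
    "https": "router web administration login",
}
LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_open_ports(text):
    """Return {(port, proto): service} for every line whose state is 'open'."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(3) == "open":
            found[(int(m.group(1)), m.group(2))] = m.group(4)
    return found

def audit(text, intended):
    """Return (unexpected exposures, intended ports the scan did not report)."""
    seen = parse_open_ports(text)
    unexpected = [(port, proto, svc, NOTES.get(svc, "unreviewed service"))
                  for (port, proto), svc in sorted(seen.items())
                  if (port, proto) not in intended]
    missing = sorted(intended - set(seen))
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit(SCAN, INTENDED)
    for port, proto, svc, why in unexpected:
        print(f"UNEXPECTED {port}/{proto} {svc}: {why}")
    print("intended but not seen:", missing)
```

An intended port listed as not seen may simply fall outside the scanned range or protocol, so rescan it explicitly before treating it as closed.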