Port Forwarding Questions

Hello,

I am trying to get some port forwardings working.
/etc/config/firewall looks like this (regarding the specific forwards, details anonymised):

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'NAS'
        option src 'wan'
        option src_dport '121'
        option dest_port '121'
        option dest_ip '192.168.0.121'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Device-2'
        option src 'wan'
        option src_dport '122'
        option dest_port '122'
        option dest_ip '192.168.0.122'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Device-1'
        option src 'wan'
        option src_dport '123'
        option dest_port '123'
        option dest_ip '192.168.0.123'

Should be said that this used to work prior to a system update which has been described here.

An Nmap port scan of the router returned this:

PORT    STATE    SERVICE
53/tcp  open     domain
80/tcp  open     http
100/tcp filtered newacct
443/tcp open     https
121/tcp filtered snpp
MAC Address: xx:xx:xx:xx:xx:xx (Netgear)

So curiously only one port appears to be open (filtered), the other two don't appear at all.
I'm also trying to make sense of "filtered snpp".

So if I nmap -PS the target devices (Device-1 and Device-2 are the same hardware). It returns for Device-2:

RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for Decice-2.lan (192.168.0.122)
Host is up (0.12s latency).
All 1000 scanned ports on Device-2.lan (192.168.0.122) are closed
MAC Address: xx:xx:xx:xx:xx:xx (Manufacturer)

Device-1:

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.56 seconds

Ok, so I tried nmap -Pn on Device-1

Nmap scan report for Device-1.lan (192.168.0.123)
Host is up (0.024s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE
123/tcp open  newacct
MAC Address: xx:xx:xx:xx:xx:xx (Manufacturer)

Nmap NAS:

Stats: 0:00:00 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 2.35% done; ETC: 18:14 (0:00:00 remaining)
Nmap scan report for NAS.lan (192.168.0.121)
Host is up (0.049s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
443/tcp  open  https
121/tcp  open  snpp
445/tcp  open  microsoft-ds
5357/tcp open  wsdapi
MAC Address: xx:xx:xx:xx:xx:xx (Manufacturer)

In summary, it seems the router opened port 121 which is also open on the target device but it isn't forwarding.
Port 122 on Device-2 seems somehow open, port 123 on Device-1 seems closed.
But the settings of all clients have not been changed, only the router recived a software update. So I need to conclude that device ports are open as usual.
And I should add that one can reach all devices via their designated ports locally, but not from outside.

What might I have missed?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like

I think you may want https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_nat#lan-side_public_server

(Side note, port 123 is NTP, so it may interfere with existing services, I'd choose something else.)

You are directing traffic through the WAN to test this, right? By logging into an external host and running nmap from there?

I'd start by watching traffic on the router using tcpdump (change eth0 to whatever your WAN device port is called, set port value to one of those you are redirecting).

router$ opkg update && opkg install tcpdump

router$ tcpdump -nvvv -i eth0 port 123
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:11:31.778885 IP (tos 0x0, ttl 63, id 12549, offset 0, flags [DF], proto TCP (6), length 60)
    66.5.99.32.53846 > 142.250.72.238.123: Flags [S], cksum 0x1037 (correct), seq 2495821045, win 64240, options [mss 1460,sackOK,TS val 2970322484 ecr 0,nop,wscale 7], length 0
10:11:31.881372 IP (tos 0x0, ttl 63, id 40962, offset 0, flags [DF], proto TCP (6), length 60)
    66.5.99.32.53862 > 142.250.72.238.123: Flags [S], cksum 0x4972 (correct), seq 959338203, win 64240, options [mss 1460,sackOK,TS val 2970322584 ecr 0,nop,wscale 7], length 0

On my workstation I did this to generate the above:

ws$ nmap -p 123 google.com
Starting Nmap 7.92 ( https://nmap.org ) at 2024-08-10 10:11 PDT
Nmap scan report for google.com (142.250.72.238)
Host is up (0.014s latency).
rDNS record for 142.250.72.238: lax31s14-in-f14.1e100.net

PORT    STATE    SERVICE
123/tcp filtered ntp

Nmap done: 1 IP address (1 host up) scanned in 0.24 seconds

Let me try a reply:

I installed tcpdump (curiously it installs w.o a man page!).
The appropriate device is a bit unclear as it is only labelled as "wan", so I used that. Could not find any other definition in e,g. /etc/config/network or /firewall ... files.
Connection method: To access a device on LAN, I used an eternal network (mobile 4G) and e.g. Owlfiles on an iPad to access NAS. That usually worked. It also provides a diagnosis option, showing no "local network permission" but "port connect - succeed":


Also used the TOR network to access an IP cam as well as to perform a port scan via port scan websites on my IP. All ports showed as closed (even 80 e.g.).
Note on port 123: It isn't 123 but I used it to mask the actual port.

Only when I try to access a device via Nemo using the external IP, tcpdump actually shows anything. In all other cases, nothing is logged on that port. Output below (with xxx.xxx.xxx.121 being the external IP):

tcpdump: listening on wan, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:17:31.952116 IP (tos 0x0, ttl 63, id 33639, offset 0, flags [DF], proto TCP (6), length 60)
    OpenWrt.lan.49376 > xxx.xxx.xxx.121: Flags [S], cksum 0xeea3 (correct), seq 3237523084, win 64240, options [mss 1460,sackOK,TS val 3369448943 ecr 0,nop,wscale 7], length 0
13:17:32.980163 IP (tos 0x0, ttl 63, id 33640, offset 0, flags [DF], proto TCP (6), length 60)
    OpenWrt.lan.49376 > xxx.xxx.xxx.121: Flags [S], cksum 0xea9d (correct), seq 3237523084, win 64240, options [mss 1460,sackOK,TS val 3369449973 ecr 0,nop,wscale 7], length 0
13:17:34.997837 IP (tos 0x0, ttl 63, id 33641, offset 0, flags [DF], proto TCP (6), length 60)
    OpenWrt.lan.49376 > xxx.xxx.xxx.121: Flags [S], cksum 0xe2bd (correct), seq 3237523084, win 64240, options [mss 1460,sackOK,TS val 3369451989 ecr 0,nop,wscale 7], length 0
13:17:39.091830 IP (tos 0x0, ttl 63, id 33642, offset 0, flags [DF], proto TCP (6), length 60)
    OpenWrt.lan.49376 > xxx.xxx.xxx.121: Flags [S], cksum 0xd2bd (correct), seq 3237523084, win 64240, options [mss 1460,sackOK,TS val 3369456085 ecr 0,nop,wscale 7], length 0
13:17:47.283876 IP (tos 0x0, ttl 63, id 33643, offset 0, flags [DF], proto TCP (6), length 60)
    OpenWrt.lan.49376 > xxx.xxx.xxx.121: Flags [S], cksum 0xb2bd (correct), seq 3237523084, win 64240, options [mss 1460,sackOK,TS val 3369464277 ecr 0,nop,wscale 7], length 0
13:18:03.415116 IP (tos 0x0, ttl 63, id 33644, offset 0, flags [DF], proto TCP (6), length 60)
    OpenWrt.lan.49376 > xxx.xxx.xxx.121: Flags [S], cksum 0x73bd (correct), seq 3237523084, win 64240, options [mss 1460,sackOK,TS val 3369480405 ecr 0,nop,wscale 7], length 0

Finally as requested, below is the content of /etc/config/network...firewall...dhcp...wireless with devices and MACs masked.

NETWORK:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fda9:853d:7b54::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.0.2'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option macaddr '8C:B1:DA:5D:69:D9'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'


WIRELESS:

config wifi-device 'radio0'
	option type 'mac80211'
	option path '18000000.axi/bcma0:7/pci0000:00/0000:00:00.0/0000:01:00.0/bcma1:1'
	option channel '2'
	option band '2g'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'SSID'
	option encryption 'psk-mixed'
	option key 'KEY'


DHCP:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '20'
	option limit '222'
	option leasetime '30d'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option ip '192.168.0.122'
	option mac 'MAC'
	option name 'Device-2'

config host
	option ip '192.168.0.123'
        option mac 'MAC'
        option name 'Device-1'

config host
        option ip '192.168.0.121'
        option mac 'MAC'
        option name 'nas'

config host
        option ip '192.168.0.55'
        option mac 'MAC'
        option name 'Device'

config host
        option ip '192.168.0.56'
        option mac 'MAC'
        option name 'Device'

config host
        option ip '192.168.0.57'
        option mac 'MAC'
        option name 'Device'

config host
        option ip '192.168.0.58'
        option mac 'MAC'
        option name 'Device'

config host
        option ip '192.168.0.59'
        option mac 'MAC'
        option name 'Device'

config host
        option ip '192.168.0.60'
        option mac 'MAC'
        option name 'Device'


FIREWALL:

config defaults
	option syn_flood '1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'nas'
	option src 'wan'
	option src_dport '121'
	option dest_port '121'
	option dest_ip '192.168.0.121'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Device-1'
        option src 'wan'
        option src_dport '123'
        option dest_port '123'
        option dest_ip '192.168.0.123'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Device-2'
        option src 'wan'
        option src_dport '122'
        option dest_port '122'
        option dest_ip '192.168.0.122'

In /etc/config/firewall I added to config redirect of those in question option enabled 1 and did a etc/init.d/firewall restart without any improvement.

...adding a bit more, as I've been playing with /etc/config/firewall:

Temporarily added a reverse instance to

config forwarding
        option src 'lan'
        option dest 'wan'

config forwarding
        option src 'wan'
        option dest 'lan'

Temporarily set

config zone
        ...
        option masq '0'

Temporarily set

config defaults
        ...
        option forward 'ACCEPT'

tcpdump -vvv -i wan port 121 (as well as the others), is somehow inconsistent:
It shows traffic when I access the NAS via the WAN IP from my local file browser (Nemo).
It also shows traffic (on the "wan" device!) when I access NAS locally via Nemo.
It shows no traffic for both other devices, whichever way I do it.
So I nmap -Pn all for open ports:

Dev-1:

Starting Nmap 7.80 ( https://nmap.org ) at 2024-08-14 15:15 EST
Nmap scan report for Dev-1.lan (192.168.0.123)
Host is up (0.013s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE
100/tcp open  newacct
MAC Address: xx:xx:xx:xx:xx:xx (Manufacturer)

Not true: one can access the device locally on port 123!

Dev-2:

Starting Nmap 7.80 ( https://nmap.org ) at 2024-08-14 15:12 EST
Nmap scan report for 192.168.0.122
Host is up (0.014s latency).
All 1000 scanned ports on 192.168.0.122 are closed
MAC Address: xx:xx:xx:xx:xx:xx (Manufacturer)

Not true- one can access the device locally on port 122!

NAS:

Nmap done: 1 IP address (1 host up) scanned in 7.16 seconds
Starting Nmap 7.80 ( https://nmap.org ) at 2024-08-14 15:13 EST
Nmap scan report for 192.168.0.121
Host is up (0.031s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
443/tcp  open  https
444/tcp  open  snpp
445/tcp  open  microsoft-ds
5357/tcp open  wsdapi
MAC Address: xx:xx:xx:xx:xx:xx (Mnufacturer)

Correct ports seem open, local access works but no WAN access available, so the forwarding does not work- however if I SSH/SFTPviaSSH from outside, it does ask me for a PW, only that it won't connect- a "filtered" port? I did not set any "filtering" that some packages might be blocked.

It makes no sense to me right now, so I am assuming I missed something somewhere...

Just FYI - that's common in embedded systems. It wastes space. Additionally, it's a common networking tool (i.e. I guess assumeed one knows how to use it).

See: https://linux.die.net/man/8/tcpdump

(that's a good MAN page site)

I notice in all of your rules, you never specified the protocol.

Add:

option proto 'tcp udp'

2 Likes

So here is another update.
Adding option proto 'tcp udp' did not change anything unfortunately.

Tests I did:

  • 2nd client on external 4G network
  • SFTP to NAS via Nemo: no connecting, timeout.
  • run tcpdump -vvv -i wan port 121 (NAS)
  • Port scan via (below) show all ports are filtered, so not open.
    https://www.ipfingerprints.com/portscan.php
    https://dnschecker.org/port-scanner.php
  • nmap -Pn IP: That was interesting, the output is below and differs substantially from those external port scanners (long output but I post if for reference).

Yet, no access to any of the forwarding.
I have decided to focus on the NAS forwarding, ignoring the other devices to make it simpler. And the solution might be replicated on those later.

Starting Nmap 7.60 ( https://nmap.org ) at 2024-08-15 16:35 EST
Nmap scan report for 33135695.ISP.com (IP)
Host is up (0.20s latency).

PORT      STATE    SERVICE
1/tcp     open     tcpmux
3/tcp     open     compressnet
4/tcp     open     unknown
6/tcp     open     unknown
7/tcp     open     echo
9/tcp     open     discard
13/tcp    open     daytime
17/tcp    open     qotd
19/tcp    open     chargen
20/tcp    filtered ftp-data
21/tcp    filtered ftp
22/tcp    open     ssh
23/tcp    open     telnet
24/tcp    open     priv-mail
25/tcp    open     smtp
26/tcp    open     rsftp
30/tcp    open     unknown
32/tcp    open     unknown
33/tcp    open     dsp
37/tcp    open     time
42/tcp    open     nameserver
43/tcp    open     whois
49/tcp    open     tacacs
53/tcp    filtered domain
70/tcp    open     gopher
79/tcp    open     finger
80/tcp    open     http
81/tcp    open     hosts2-ns
82/tcp    open     xfer
83/tcp    open     mit-ml-dev
84/tcp    open     ctf
85/tcp    open     mit-ml-dev
88/tcp    open     kerberos-sec
89/tcp    open     su-mit-tg
90/tcp    open     dnsix
99/tcp    open     metagram
100/tcp   open     newacct
106/tcp   open     pop3pw
109/tcp   open     pop2
110/tcp   open     pop3
111/tcp   open     rpcbind
113/tcp   open     ident
119/tcp   open     nntp
125/tcp   open     locus-map
135/tcp   open     msrpc
139/tcp   open     netbios-ssn
143/tcp   open     imap
144/tcp   open     news
146/tcp   open     iso-tp0
161/tcp   open     snmp
163/tcp   open     cmip-man
179/tcp   open     bgp
199/tcp   open     smux
211/tcp   open     914c-g
212/tcp   open     anet
222/tcp   open     rsh-spx
254/tcp   open     unknown
255/tcp   open     unknown
256/tcp   open     fw1-secureremote
259/tcp   open     esro-gen
264/tcp   open     bgmp
280/tcp   open     http-mgmt
301/tcp   open     unknown
306/tcp   open     unknown
311/tcp   open     asip-webadmin
340/tcp   open     unknown
366/tcp   open     odmr
389/tcp   open     ldap
406/tcp   open     imsp
407/tcp   open     timbuktu
416/tcp   open     silverplatter
417/tcp   open     onmux
425/tcp   open     icad-el
427/tcp   open     svrloc
443/tcp   open     https
444/tcp   open     snpp
445/tcp   open     microsoft-ds
458/tcp   open     appleqtc
464/tcp   open     kpasswd5
465/tcp   open     smtps
481/tcp   open     dvs
497/tcp   open     retrospect
500/tcp   open     isakmp
512/tcp   open     exec
513/tcp   open     login
514/tcp   open     shell
515/tcp   open     printer
524/tcp   open     ncp
541/tcp   open     uucp-rlogin
543/tcp   open     klogin
544/tcp   open     kshell
545/tcp   open     ekshell
548/tcp   open     afp
554/tcp   open     rtsp
555/tcp   open     dsf
563/tcp   open     snews
587/tcp   open     submission
593/tcp   open     http-rpc-epmap
616/tcp   open     sco-sysmgr
617/tcp   open     sco-dtmgr
625/tcp   open     apple-xsrvr-admin
631/tcp   open     ipp
636/tcp   open     ldapssl
646/tcp   open     ldp
648/tcp   open     rrp
666/tcp   open     doom
667/tcp   open     disclose
668/tcp   open     mecomm
683/tcp   open     corba-iiop
687/tcp   open     asipregistry
691/tcp   open     resvc
700/tcp   open     epp
705/tcp   open     agentx
711/tcp   open     cisco-tdp
714/tcp   open     iris-xpcs
720/tcp   open     unknown
722/tcp   open     unknown
726/tcp   open     unknown
749/tcp   open     kerberos-adm
765/tcp   open     webster
777/tcp   open     multiling-http
783/tcp   open     spamassassin
787/tcp   open     qsc
800/tcp   open     mdbs_daemon
801/tcp   open     device
808/tcp   open     ccproxy-http
843/tcp   open     unknown
873/tcp   open     rsync
880/tcp   open     unknown
888/tcp   open     accessbuilder
898/tcp   open     sun-manageconsole
900/tcp   open     omginitialrefs
901/tcp   open     samba-swat
902/tcp   open     iss-realsecure
903/tcp   open     iss-console-mgr
911/tcp   open     xact-backup
912/tcp   open     apex-mesh
981/tcp   open     unknown
987/tcp   open     unknown
990/tcp   open     ftps
992/tcp   open     telnets
993/tcp   open     imaps
995/tcp   open     pop3s
999/tcp   open     garcon
1000/tcp  open     cadlock
1001/tcp  open     webpush
1002/tcp  open     windows-icfw
1007/tcp  open     unknown
1009/tcp  open     unknown
1010/tcp  open     surf
1011/tcp  open     unknown
1021/tcp  open     exp1
1022/tcp  open     exp2
1023/tcp  open     netvenuechat
1024/tcp  open     kdm
1025/tcp  open     NFS-or-IIS
1026/tcp  open     LSA-or-nterm
1027/tcp  open     IIS
1028/tcp  open     unknown
1029/tcp  open     ms-lsa
1030/tcp  open     iad1
1031/tcp  open     iad2
1032/tcp  open     iad3
1033/tcp  open     netinfo
1034/tcp  open     zincite-a
1035/tcp  open     multidropper
1036/tcp  open     nsstp
1037/tcp  open     ams
1038/tcp  open     mtqp
1039/tcp  open     sbl
1040/tcp  open     netsaint
1041/tcp  open     danf-ak2
1042/tcp  open     afrog
1043/tcp  open     boinc
1044/tcp  open     dcutility
1045/tcp  open     fpitp
1046/tcp  open     wfremotertm
1047/tcp  open     neod1
1048/tcp  open     neod2
1049/tcp  open     td-postman
1050/tcp  open     java-or-OTGfileshare
1051/tcp  open     optima-vnet
1052/tcp  open     ddt
1053/tcp  open     remote-as
1054/tcp  open     brvread
1055/tcp  open     ansyslmd
1056/tcp  open     vfo
1057/tcp  open     startron
1058/tcp  open     nim
1059/tcp  open     nimreg
1060/tcp  open     polestar
1061/tcp  open     kiosk
1062/tcp  open     veracity
1063/tcp  open     kyoceranetdev
1064/tcp  open     jstel
1065/tcp  open     syscomlan
1066/tcp  open     fpo-fns
1067/tcp  open     instl_boots
1068/tcp  open     instl_bootc
1069/tcp  open     cognex-insight
1070/tcp  open     gmrupdateserv
1071/tcp  open     bsquare-voip
1072/tcp  open     cardax
1073/tcp  open     bridgecontrol
1074/tcp  open     warmspotMgmt
1075/tcp  open     rdrmshc
1076/tcp  open     sns_credit
1077/tcp  open     imgames
1078/tcp  open     avocent-proxy
1079/tcp  open     asprovatalk
1080/tcp  open     socks
1081/tcp  open     pvuniwien
1082/tcp  open     amt-esd-prot
1083/tcp  open     ansoft-lm-1
1084/tcp  open     ansoft-lm-2
1085/tcp  open     webobjects
1086/tcp  open     cplscrambler-lg
1087/tcp  open     cplscrambler-in
1088/tcp  open     cplscrambler-al
1089/tcp  open     ff-annunc
1090/tcp  open     ff-fms
1091/tcp  open     ff-sm
1092/tcp  open     obrpd
1093/tcp  open     proofd
1094/tcp  open     rootd
1095/tcp  open     nicelink
1096/tcp  open     cnrprotocol
1097/tcp  open     sunclustermgr
1098/tcp  open     rmiactivation
1099/tcp  open     rmiregistry
1100/tcp  open     mctp
1102/tcp  open     adobeserver-1
1104/tcp  open     xrl
1105/tcp  open     ftranhc
1106/tcp  open     isoipsigport-1
1107/tcp  open     isoipsigport-2
1108/tcp  open     ratio-adp
1110/tcp  open     nfsd-status
1111/tcp  open     lmsocialserver
1112/tcp  open     msql
1113/tcp  open     ltp-deepspace
1114/tcp  open     mini-sql
1117/tcp  open     ardus-mtrns
1119/tcp  open     bnetgame
1121/tcp  open     rmpp
1122/tcp  open     availant-mgr
1123/tcp  open     murray
1124/tcp  open     hpvmmcontrol
1126/tcp  open     hpvmmdata
1130/tcp  open     casp
1131/tcp  open     caspssl
1132/tcp  open     kvm-via-ip
1137/tcp  open     trim
1138/tcp  open     encrypted_admin
1141/tcp  open     mxomss
1145/tcp  open     x9-icue
1147/tcp  open     capioverlan
1148/tcp  open     elfiq-repl
1149/tcp  open     bvtsonar
1151/tcp  open     unizensus
1152/tcp  open     winpoplanmess
1154/tcp  open     resacommunity
1163/tcp  open     sddp
1164/tcp  open     qsm-proxy
1165/tcp  open     qsm-gui
1166/tcp  open     qsm-remote
1169/tcp  open     tripwire
1174/tcp  open     fnet-remote-ui
1175/tcp  open     dossier
1183/tcp  open     llsurfup-http
1185/tcp  open     catchpole
1186/tcp  open     mysql-cluster
1187/tcp  open     alias
1192/tcp  open     caids-sensor
1198/tcp  open     cajo-discovery
1199/tcp  open     dmidi
1201/tcp  open     nucleus-sand
1213/tcp  open     mpc-lifenet
1216/tcp  open     etebac5
1217/tcp  open     hpss-ndapi
1218/tcp  open     aeroflight-ads
1233/tcp  open     univ-appserver
1234/tcp  open     hotline
1236/tcp  open     bvcontrol
1244/tcp  open     isbconference1
1247/tcp  open     visionpyramid
1248/tcp  open     hermes
1259/tcp  open     opennl-voice
1271/tcp  open     excw
1272/tcp  open     cspmlockmgr
1277/tcp  open     miva-mqs
1287/tcp  open     routematch
1296/tcp  open     dproxy
1300/tcp  open     h323hostcallsc
1301/tcp  open     ci3-software-1
1309/tcp  open     jtag-server
1310/tcp  open     husky
1311/tcp  open     rxmon
1322/tcp  open     novation
1328/tcp  open     ewall
1334/tcp  open     writesrv
1352/tcp  open     lotusnotes
1417/tcp  open     timbuktu-srv1
1433/tcp  open     ms-sql-s
1434/tcp  open     ms-sql-m
1443/tcp  open     ies-lm
1455/tcp  open     esl-lm
1461/tcp  open     ibm_wrless_lan
1494/tcp  open     citrix-ica
1500/tcp  open     vlsi-lm
1501/tcp  open     sas-3
1503/tcp  open     imtc-mcs
1521/tcp  open     oracle
1524/tcp  open     ingreslock
1533/tcp  open     virtual-places
1556/tcp  open     veritas_pbx
1580/tcp  open     tn-tl-r1
1583/tcp  open     simbaexpress
1594/tcp  open     sixtrak
1600/tcp  open     issd
1641/tcp  open     invision
1658/tcp  open     sixnetudr
1666/tcp  open     netview-aix-6
1687/tcp  open     nsjtp-ctrl
1688/tcp  open     nsjtp-data
1700/tcp  open     mps-raft
1717/tcp  open     fj-hdnet
1718/tcp  open     h323gatedisc
1719/tcp  open     h323gatestat
1720/tcp  open     h323q931
1721/tcp  open     caicci
1723/tcp  open     pptp
1755/tcp  open     wms
1761/tcp  open     landesk-rc
1782/tcp  open     hp-hcip
1783/tcp  open     unknown
1801/tcp  open     msmq
1805/tcp  open     enl-name
1812/tcp  open     radius
1839/tcp  open     netopia-vo1
1840/tcp  open     netopia-vo2
1862/tcp  open     mysql-cm-agent
1863/tcp  open     msnp
1864/tcp  open     paradym-31
1875/tcp  open     westell-stats
1900/tcp  open     upnp
1914/tcp  open     elm-momentum
1935/tcp  open     rtmp
1947/tcp  open     sentinelsrm
1971/tcp  open     netop-school
1972/tcp  open     intersys-cache
1974/tcp  open     drp
1984/tcp  open     bigbrother
1998/tcp  open     x25-svc-port
1999/tcp  open     tcp-id-port
2000/tcp  open     cisco-sccp
2001/tcp  open     dc
2002/tcp  open     globe
2003/tcp  open     finger
2004/tcp  open     mailbox
2005/tcp  open     deslogin
2006/tcp  open     invokator
2007/tcp  open     dectalk
2008/tcp  open     conf
2009/tcp  open     news
2010/tcp  open     search
2013/tcp  open     raid-am
2020/tcp  open     xinupageserver
2021/tcp  open     servexec
2022/tcp  open     down
2030/tcp  open     device2
2033/tcp  open     glogger
2034/tcp  open     scoremgr
2035/tcp  open     imsldoc
2038/tcp  open     objectmanager
2040/tcp  open     lam
2041/tcp  open     interbase
2042/tcp  open     isis
2043/tcp  open     isis-bcast
2045/tcp  open     cdfunc
2046/tcp  open     sdfunc
2047/tcp  open     dls
2048/tcp  open     dls-monitor
2049/tcp  open     nfs
2065/tcp  open     dlsrpn
2068/tcp  open     avocentkvm
2099/tcp  open     h2250-annex-g
2100/tcp  open     amiganetfs
2103/tcp  open     zephyr-clt
2105/tcp  open     eklogin
2106/tcp  open     ekshell
2107/tcp  open     msmq-mgmt
2111/tcp  open     kx
2119/tcp  open     gsigatekeeper
2121/tcp  open     ccproxy-ftp
2126/tcp  open     pktcable-cops
2135/tcp  open     gris
2144/tcp  open     lv-ffx
2160/tcp  open     apc-2160
2161/tcp  open     apc-agent
2170/tcp  open     eyetv
2179/tcp  open     vmrdp
2190/tcp  open     tivoconnect
2191/tcp  open     tvbus
2196/tcp  open     unknown
2200/tcp  open     ici
2222/tcp  open     EtherNetIP-1
2251/tcp  open     dif-port
2260/tcp  open     apc-2260
2288/tcp  open     netml
2301/tcp  open     compaqdiag
2323/tcp  open     3d-nfsd
2366/tcp  open     qip-login
2381/tcp  open     compaq-https
2382/tcp  open     ms-olap3
2383/tcp  open     ms-olap4
2393/tcp  open     ms-olap1
2394/tcp  open     ms-olap2
2399/tcp  open     fmpro-fdal
2401/tcp  open     cvspserver
2492/tcp  open     groove
2500/tcp  open     rtsserv
2522/tcp  open     windb
2525/tcp  open     ms-v-worlds
2557/tcp  open     nicetec-mgmt
2601/tcp  open     zebra
2602/tcp  open     ripd
2604/tcp  open     ospfd
2605/tcp  open     bgpd
2607/tcp  open     connection
2608/tcp  open     wag-service
2638/tcp  open     sybase
2701/tcp  open     sms-rcinfo
2702/tcp  open     sms-xfer
2710/tcp  open     sso-service
2717/tcp  open     pn-requester
2718/tcp  open     pn-requester2
2725/tcp  open     msolap-ptp2
2800/tcp  open     acc-raid
2809/tcp  open     corbaloc
2811/tcp  open     gsiftp
2869/tcp  open     icslap
2875/tcp  open     dxmessagebase2
2909/tcp  open     funk-dialout
2910/tcp  open     tdaccess
2920/tcp  open     roboeda
2967/tcp  open     symantec-av
2968/tcp  open     enpp
2998/tcp  open     iss-realsec
3000/tcp  open     ppp
3001/tcp  open     nessus
3003/tcp  open     cgms
3005/tcp  open     deslogin
3006/tcp  open     deslogind
3007/tcp  open     lotusmtap
3011/tcp  open     trusted-web
3013/tcp  open     gilatskysurfer
3017/tcp  open     event_listener
3030/tcp  open     arepa-cas
3031/tcp  open     eppc
3052/tcp  open     powerchute
3071/tcp  open     csd-mgmt-port
3077/tcp  open     orbix-loc-ssl
3128/tcp  open     squid-http
3168/tcp  open     poweronnud
3211/tcp  open     avsecuremgmt
3221/tcp  open     xnm-clear-text
3260/tcp  open     iscsi
3261/tcp  open     winshadow
3268/tcp  open     globalcatLDAP
3269/tcp  open     globalcatLDAPssl
3283/tcp  open     netassistant
3300/tcp  open     ceph
3301/tcp  open     unknown
3306/tcp  open     mysql
3322/tcp  open     active-net
3323/tcp  open     active-net
3324/tcp  open     active-net
3325/tcp  open     active-net
3333/tcp  open     dec-notes
3351/tcp  open     btrieve
3367/tcp  open     satvid-datalnk
3369/tcp  open     satvid-datalnk
3370/tcp  open     satvid-datalnk
3371/tcp  open     satvid-datalnk
3372/tcp  open     msdtc
3389/tcp  open     ms-wbt-server
3390/tcp  open     dsc
3404/tcp  open     unknown
3476/tcp  open     nppmp
3493/tcp  open     nut
3517/tcp  open     802-11-iapp
3527/tcp  open     beserver-msg-q
3546/tcp  open     unknown
3551/tcp  open     apcupsd
3580/tcp  open     nati-svrloc
3659/tcp  open     apple-sasl
3689/tcp  open     rendezvous
3690/tcp  open     svn
3703/tcp  open     adobeserver-3
3737/tcp  open     xpanel
3766/tcp  open     sitewatch-s
3784/tcp  open     bfd-control
3800/tcp  open     pwgpsi
3801/tcp  open     ibm-mgr
3809/tcp  open     apocd
3814/tcp  open     neto-dcs
3826/tcp  open     wormux
3827/tcp  open     netmpi
3828/tcp  open     neteh
3851/tcp  open     spectraport
3869/tcp  open     ovsam-mgmt
3871/tcp  open     avocent-adsap
3878/tcp  open     fotogcad
3880/tcp  open     igrs
3889/tcp  open     dandv-tester
3905/tcp  open     mupdate
3914/tcp  open     listcrt-port-2
3918/tcp  open     pktcablemmcops
3920/tcp  open     exasoftport1
3945/tcp  open     emcads
3971/tcp  open     lanrevserver
3986/tcp  open     mapper-ws_ethd
3995/tcp  open     iss-mgmt-ssl
3998/tcp  open     dnx
4000/tcp  open     remoteanything
4001/tcp  open     newoak
4002/tcp  open     mlchat-proxy
4003/tcp  open     pxc-splr-ft
4004/tcp  open     pxc-roid
4005/tcp  open     pxc-pin
4006/tcp  open     pxc-spvr
4045/tcp  open     lockd
4111/tcp  open     xgrid
4125/tcp  open     rww
4126/tcp  open     ddrepl
4129/tcp  open     nuauth
4224/tcp  open     xtell
4242/tcp  open     vrml-multi-use
4279/tcp  open     vrml-multi-use
4321/tcp  open     rwhois
4343/tcp  open     unicall
4443/tcp  open     pharos
4444/tcp  open     krb524
4445/tcp  open     upnotifyp
4446/tcp  open     n1-fwp
4449/tcp  open     privatewire
4550/tcp  open     gds-adppiw-db
4567/tcp  open     tram
4662/tcp  open     edonkey
4848/tcp  open     appserv-http
4899/tcp  open     radmin
4900/tcp  open     hfcs
4998/tcp  open     maybe-veritas
5000/tcp  open     upnp
5001/tcp  open     commplex-link
5002/tcp  open     rfe
5003/tcp  open     filemaker
5004/tcp  open     avt-profile-1
5009/tcp  open     airport-admin
5030/tcp  open     surfpass
5033/tcp  open     jtnetd-server
5050/tcp  open     mmcc
5051/tcp  open     ida-agent
5054/tcp  open     rlm-admin
5060/tcp  open     sip
5061/tcp  open     sip-tls
5080/tcp  open     onscreen
5087/tcp  open     biotic
5100/tcp  open     admd
5101/tcp  open     admdog
5102/tcp  open     admeng
5120/tcp  open     barracuda-bbs
5190/tcp  open     aol
5200/tcp  open     targus-getdata
5214/tcp  open     unknown
5221/tcp  open     3exmp
5222/tcp  open     xmpp-client
5225/tcp  open     hp-server
5226/tcp  open     hp-status
5269/tcp  open     xmpp-server
5280/tcp  open     xmpp-bosh
5298/tcp  open     presence
5357/tcp  open     wsdapi
5405/tcp  open     pcduo
5414/tcp  open     statusd
5431/tcp  open     park-agent
5432/tcp  open     postgresql
5440/tcp  open     unknown
5500/tcp  open     hotline
5510/tcp  open     secureidprop
5544/tcp  open     unknown
5550/tcp  open     sdadmind
5555/tcp  open     freeciv
5560/tcp  open     isqlplus
5566/tcp  open     westec-connect
5631/tcp  open     pcanywheredata
5633/tcp  open     beorl
5666/tcp  open     nrpe
5678/tcp  open     rrac
5679/tcp  open     activesync
5718/tcp  open     dpm
5730/tcp  open     unieng
5800/tcp  open     vnc-http
5801/tcp  open     vnc-http-1
5802/tcp  open     vnc-http-2
5810/tcp  open     unknown
5811/tcp  open     unknown
5815/tcp  open     unknown
5822/tcp  open     unknown
5825/tcp  open     unknown
5850/tcp  open     unknown
5859/tcp  open     wherehoo
5862/tcp  open     unknown
5877/tcp  open     unknown
5900/tcp  open     vnc
5901/tcp  open     vnc-1
5902/tcp  open     vnc-2
5903/tcp  open     vnc-3
5904/tcp  open     unknown
5906/tcp  open     unknown
5907/tcp  open     unknown
5910/tcp  open     cm
5911/tcp  open     cpdlc
5915/tcp  open     unknown
5922/tcp  open     unknown
5925/tcp  open     unknown
5950/tcp  open     unknown
5952/tcp  open     unknown
5959/tcp  open     unknown
5960/tcp  open     unknown
5961/tcp  open     unknown
5962/tcp  open     unknown
5963/tcp  open     indy
5987/tcp  open     wbem-rmi
5988/tcp  open     wbem-http
5989/tcp  open     wbem-https
5998/tcp  open     ncd-diag
5999/tcp  open     ncd-conf
6000/tcp  open     X11
6001/tcp  open     X11:1
6002/tcp  open     X11:2
6003/tcp  open     X11:3
6004/tcp  open     X11:4
6005/tcp  open     X11:5
6006/tcp  open     X11:6
6007/tcp  open     X11:7
6009/tcp  open     X11:9
6025/tcp  open     x11
6059/tcp  open     X11:59
6100/tcp  open     synchronet-db
6101/tcp  open     backupexec
6106/tcp  open     isdninfo
6112/tcp  open     dtspc
6123/tcp  open     backup-express
6129/tcp  open     unknown
6156/tcp  open     unknown
6346/tcp  open     gnutella
6389/tcp  open     clariion-evr01
6502/tcp  open     netop-rc
6510/tcp  open     mcer-port
6543/tcp  open     mythtv
6547/tcp  open     powerchuteplus
6565/tcp  open     unknown
6566/tcp  open     sane-port
6567/tcp  open     esp
6580/tcp  open     parsec-master
6646/tcp  open     unknown
6666/tcp  open     irc
6667/tcp  open     irc
6668/tcp  open     irc
6669/tcp  open     irc
6689/tcp  open     tsa
6692/tcp  open     unknown
6699/tcp  open     napster
6779/tcp  open     unknown
6788/tcp  open     smc-http
6789/tcp  open     ibm-db2-admin
6792/tcp  open     unknown
6839/tcp  open     unknown
6881/tcp  open     bittorrent-tracker
6901/tcp  open     jetstream
6969/tcp  open     acmsoda
7000/tcp  open     afs3-fileserver
7001/tcp  open     afs3-callback
7002/tcp  open     afs3-prserver
7004/tcp  open     afs3-kaserver
7007/tcp  open     afs3-bos
7019/tcp  open     doceri-ctl
7025/tcp  open     vmsvc-2
7070/tcp  open     realserver
7100/tcp  open     font-service
7103/tcp  open     unknown
7106/tcp  open     unknown
7200/tcp  open     fodms
7201/tcp  open     dlip
7402/tcp  open     rtps-dd-mt
7435/tcp  open     unknown
7443/tcp  open     oracleas-https
7496/tcp  open     unknown
7512/tcp  open     unknown
7625/tcp  open     unknown
7627/tcp  open     soap-http
7676/tcp  open     imqbrokerd
7741/tcp  open     scriptview
7777/tcp  open     cbt
7778/tcp  open     interwise
7800/tcp  open     asr
7911/tcp  open     unknown
7920/tcp  open     unknown
7921/tcp  open     unknown
7937/tcp  open     nsrexecd
7938/tcp  open     lgtomapper
7999/tcp  open     irdmi2
8000/tcp  open     http-alt
8001/tcp  open     vcom-tunnel
8002/tcp  open     teradataordbms
8007/tcp  open     ajp12
8008/tcp  open     http
8009/tcp  open     ajp13
8010/tcp  open     xmpp
8011/tcp  open     unknown
8021/tcp  open     ftp-proxy
8022/tcp  open     oa-system
8031/tcp  open     unknown
8042/tcp  open     fs-agent
8045/tcp  open     unknown
8080/tcp  open     http-proxy
8081/tcp  open     blackice-icecap
8082/tcp  open     blackice-alerts
8083/tcp  open     us-srv
8084/tcp  open     unknown
8085/tcp  open     unknown
8086/tcp  open     d-s-n
8087/tcp  open     simplifymedia
8088/tcp  open     radan-http
8089/tcp  open     unknown
8090/tcp  open     opsmessaging
8093/tcp  open     unknown
8099/tcp  open     unknown
8100/tcp  open     xprint-server
8180/tcp  open     unknown
8181/tcp  open     intermapper
8192/tcp  open     sophos
8193/tcp  open     sophos
8194/tcp  open     sophos
8200/tcp  open     trivnet1
8222/tcp  open     unknown
8254/tcp  open     unknown
8290/tcp  open     unknown
8291/tcp  open     unknown
8292/tcp  open     blp3
8300/tcp  open     tmi
8333/tcp  open     bitcoin
8383/tcp  open     m2mservices
8400/tcp  open     cvd
8402/tcp  open     abarsd
8443/tcp  open     https-alt
8500/tcp  open     fmtp
8600/tcp  open     asterix
8649/tcp  open     unknown
8651/tcp  open     unknown
8652/tcp  open     unknown
8654/tcp  open     unknown
8701/tcp  open     unknown
8800/tcp  open     sunwebadmin
8873/tcp  open     dxspider
8888/tcp  open     sun-answerbook
8899/tcp  open     ospf-lite
8994/tcp  open     unknown
9000/tcp  open     cslistener
9001/tcp  open     tor-orport
9002/tcp  open     dynamid
9003/tcp  open     unknown
9009/tcp  open     pichat
9010/tcp  open     sdr
9011/tcp  open     unknown
9040/tcp  open     tor-trans
9050/tcp  open     tor-socks
9071/tcp  open     unknown
9080/tcp  open     glrpc
9081/tcp  open     unknown
9090/tcp  open     zeus-admin
9091/tcp  open     xmltec-xmlmail
9099/tcp  open     unknown
9100/tcp  open     jetdirect
9101/tcp  open     jetdirect
9102/tcp  open     jetdirect
9103/tcp  open     jetdirect
9110/tcp  open     unknown
9111/tcp  open     DragonIDSConsole
9200/tcp  open     wap-wsp
9207/tcp  open     wap-vcal-s
9220/tcp  open     unknown
9290/tcp  open     unknown
9415/tcp  open     unknown
9418/tcp  open     git
9485/tcp  open     unknown
9500/tcp  open     ismserver
9502/tcp  open     unknown
9503/tcp  open     unknown
9535/tcp  open     man
9575/tcp  open     unknown
9593/tcp  open     cba8
9594/tcp  open     msgsys
9595/tcp  open     pds
9618/tcp  open     condor
9666/tcp  open     zoomcp
9876/tcp  open     sd
9877/tcp  open     unknown
9878/tcp  open     kca-service
9898/tcp  open     monkeycom
9900/tcp  open     iua
9917/tcp  open     unknown
9929/tcp  open     nping-echo
9943/tcp  open     unknown
9944/tcp  open     unknown
9968/tcp  open     unknown
9998/tcp  open     distinct32
9999/tcp  open     abyss
10000/tcp filtered snet-sensor-mgmt
10001/tcp filtered scp-config
10002/tcp filtered documentum
10003/tcp open     documentum_s
10004/tcp open     emcrmirccd
10009/tcp open     swdtp-sv
10010/tcp open     rxapi
10012/tcp open     unknown
10024/tcp open     unknown
10025/tcp open     unknown
10082/tcp open     amandaidx
10180/tcp open     unknown
10215/tcp open     unknown
10243/tcp open     unknown
10566/tcp open     unknown
10616/tcp open     unknown
10617/tcp open     unknown
10621/tcp open     unknown
10626/tcp open     unknown
10628/tcp open     unknown
10629/tcp open     unknown
10778/tcp open     unknown
11110/tcp open     sgi-soap
11111/tcp open     vce
11967/tcp open     sysinfo-sp
12000/tcp open     cce4x
12174/tcp open     unknown
12265/tcp open     unknown
12345/tcp open     netbus
13456/tcp open     unknown
13722/tcp open     netbackup
13782/tcp open     netbackup
13783/tcp open     netbackup
14000/tcp open     scotty-ft
14238/tcp open     unknown
14441/tcp open     unknown
14442/tcp open     unknown
15000/tcp open     hydap
15002/tcp open     onep-tls
15003/tcp open     unknown
15004/tcp open     unknown
15660/tcp open     bex-xr
15742/tcp open     unknown
16000/tcp open     fmsas
16001/tcp open     fmsascon
16012/tcp open     unknown
16016/tcp open     unknown
16018/tcp open     unknown
16080/tcp open     osxwebadmin
16113/tcp open     unknown
16992/tcp open     amt-soap-http
16993/tcp open     amt-soap-https
17877/tcp open     unknown
17988/tcp open     unknown
18040/tcp open     unknown
18101/tcp open     unknown
18988/tcp open     unknown
19101/tcp open     unknown
19283/tcp open     keysrvr
19315/tcp open     keyshadow
19350/tcp open     unknown
19780/tcp open     unknown
19801/tcp open     unknown
19842/tcp open     unknown
20000/tcp open     dnp
20005/tcp open     btx
20031/tcp open     unknown
20221/tcp open     unknown
20222/tcp open     ipulse-ics
20828/tcp open     unknown
21571/tcp open     unknown
22939/tcp open     unknown
23502/tcp open     unknown
24444/tcp open     unknown
24800/tcp open     unknown
25734/tcp open     unknown
25735/tcp open     unknown
26214/tcp open     unknown
27000/tcp open     flexlm0
27352/tcp open     unknown
27353/tcp open     unknown
27355/tcp open     unknown
27356/tcp open     unknown
27715/tcp open     unknown
28201/tcp open     unknown
30000/tcp open     ndmps
30718/tcp open     unknown
30951/tcp open     unknown
31038/tcp open     unknown
31337/tcp open     Elite
32768/tcp open     filenet-tms
32769/tcp open     filenet-rpc
32770/tcp open     sometimes-rpc3
32771/tcp open     sometimes-rpc5
32772/tcp open     sometimes-rpc7
32773/tcp open     sometimes-rpc9
32774/tcp open     sometimes-rpc11
32775/tcp open     sometimes-rpc13
32776/tcp open     sometimes-rpc15
32777/tcp open     sometimes-rpc17
32778/tcp open     sometimes-rpc19
32779/tcp open     sometimes-rpc21
32780/tcp open     sometimes-rpc23
32781/tcp open     unknown
32782/tcp open     unknown
32783/tcp open     unknown
32784/tcp open     unknown
32785/tcp open     unknown
33354/tcp open     unknown
33899/tcp open     unknown
34571/tcp open     unknown
34572/tcp open     unknown
34573/tcp open     unknown
35500/tcp open     unknown
38292/tcp open     landesk-cba
40193/tcp open     unknown
40911/tcp open     unknown
41511/tcp open     unknown
42510/tcp open     caerpc
44176/tcp open     unknown
44442/tcp open     coldfusion-auth
44443/tcp open     coldfusion-auth
44501/tcp open     unknown
45100/tcp open     unknown
48080/tcp open     unknown
49152/tcp open     unknown
49153/tcp open     unknown
49154/tcp open     unknown
49155/tcp open     unknown
49156/tcp open     unknown
49157/tcp open     unknown
49158/tcp open     unknown
49159/tcp open     unknown
49160/tcp open     unknown
49161/tcp open     unknown
49163/tcp open     unknown
49165/tcp open     unknown
49167/tcp open     unknown
49175/tcp open     unknown
49176/tcp open     unknown
49400/tcp open     compaqdiag
49999/tcp open     unknown
50000/tcp open     ibm-db2
50001/tcp open     unknown
50002/tcp open     iiimsf
50003/tcp open     unknown
50006/tcp open     unknown
50300/tcp open     unknown
50389/tcp open     unknown
50500/tcp open     unknown
50636/tcp open     unknown
50800/tcp open     unknown
51103/tcp open     unknown
51493/tcp open     unknown
52673/tcp open     unknown
52822/tcp open     unknown
52848/tcp open     unknown
52869/tcp open     unknown
54045/tcp open     unknown
54328/tcp open     unknown
55055/tcp open     unknown
55056/tcp open     unknown
55555/tcp open     unknown
55600/tcp open     unknown
56737/tcp open     unknown
56738/tcp open     unknown
57294/tcp open     unknown
57797/tcp open     unknown
58080/tcp open     unknown
60020/tcp open     unknown
60443/tcp open     unknown
61532/tcp open     unknown
61900/tcp open     unknown
62078/tcp open     iphone-sync
63331/tcp open     unknown
64623/tcp open     unknown
64680/tcp open     unknown
65000/tcp open     unknown
65129/tcp open     unknown
65389/tcp open     unknown

Nmap done: 1 IP address (1 host up) scanned in 26.04 seconds

That is not OpenWRT.

Well it surely is.
I will be looking for a potential upate now.
I believe this is a bug!

Let’s take a look at the current state of the configuration…

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/firewall
1 Like

I know there is one update available. Just need to back it up first... :

root@OpenWrt:~# ubus call system board
{
	"kernel": "5.15.150",
	"hostname": "OpenWrt",
	"system": "ARMv7 Processor rev 0 (v7l)",
	"model": "Netgear R6250 V1 (BCM4708)",
	"board_name": "netgear,r6250-v1",
	"rootfs_type": "squashfs",
	"release": {
	        "distribution": "OpenWrt",
	        "version": "23.05.3",
	        "revision": "r23809-234f1a2efa",
	        "target": "bcm53xx/generic",
	        "description": "OpenWrt 23.05.3 r23809-234f1a2efa"

IP/MAC addresses have been modified/anonymised for public display:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdc9:833d:8b94::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.2.2'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option macaddr '5C:B2:1E:3A:63:D9'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

Actual IPs/ports have been anonymised for public display:

root@OpenWrt:~# cat /etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Dev0'
	option src 'wan'
	option src_dport '121'
	option dest_port '121'
	option dest_ip '192.168.2.331'
	option proto 'tcp udp'
	option enabled 1

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Dev2'
        option src 'wan'
        option src_dport '122'
        option dest_port '122'
        option dest_ip '192.168.2.332'
	option proto 'tcp udp'
	option enabled 1

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Dev1'
        option src 'wan'
        option src_dport '123'
        option dest_port '123'
        option dest_ip '192.168.2.333'
	option proto 'tcp udp'
	option enabled 1

config redirect
-	option dest 'lan'
	option target 'DNAT'
	option name 'Dev0'
	option src 'wan'
	option src_dport '121'
-	option dest_port '121'
	option dest_ip '192.168.2.331'
	option proto 'tcp udp'
-	option enabled 1

config redirect
-       option dest 'lan'
        option target 'DNAT'
        option name 'Dev2'
        option src 'wan'
        option src_dport '122'
-        option dest_port '122'
        option dest_ip '192.168.2.332'
	option proto 'tcp udp'
-	option enabled 1

config redirect
-       option dest 'lan'
        option target 'DNAT'
        option name 'Dev1'
        option src 'wan'
        option src_dport '123'
-        option dest_port '123'
        option dest_ip '192.168.2.333'
	option proto 'tcp udp'
-	option enabled 1

Remove useless lines.

What host were you scanning there?

What do you mean by one update? You are TWO stable versions behind.

These are invalid IP addresses. The max value of any given octet is 255, but on a /24 network, the 255 address is the broadcast. So, the max value for the last octet of your network addresses would be 254.

You have values of 331, 332, and 333... all of these are wrong.

1 Like

These are invalid IP addresses. The max value of any given octet is 255, but on a /24 network, the 255 address is the broadcast. So, the max value for the last octet of your network addresses would be 254.

You have values of 331, 332, and 333... all of these are wrong.

Installing and Using OpenWrt||

Installing and Using OpenWrt||

Installing and Using OpenWrt||

Installing and Using OpenWrt||

Correct, hence my note that MACs and IPs are anonymised. The actual one is in the 100s range.

According to the firmware selector the next version is 23.05.5, yes two higher than currently.
So when nobody needs the network, I'll do an update first.

1 Like

I think that was the router.
It's long ago now, so I only vaguely remember as I couldn't do any work on this for quite a while.
I'll focus on the update now and hope to resolve this from there.

1 Like

I'm not sure why my [deleted] post was referenced.