Asus RT-AX88U Closed Ports vs. Stealth

Okay, awesome. Thanks again for your time and expertise.

Might you have any other suggestions on why these ports are behaving this way?
Not really. It's something upstream of your router. It could be anywhere between your ISP gateway server and the GRC website.
 
Here's another way to know exactly which firewall, yours or the ISP's, is blocking ports.

You can add the following firewall rules to the router (using SSH) and try Shields Up again.

Code:
iptables -t raw -I PREROUTING -i $(nvram get wan0_ifname) -p tcp --dport 89 -j ACCEPT
iptables -t raw -I PREROUTING -i $(nvram get wan0_ifname) -p tcp --dport 90 -j ACCEPT

If you subsequently dump the PREROUTING chain of the raw table …

Code:
iptables -t raw -vnL PREROUTING

… and do NOT see any packets (pkts field = 0) for those rules, you know for certain those ports are being blocked upstream of your router, otherwise your own router would be seeing them and show it (in my own case, they are NOT being blocked and report four (4) packets each).

You could even use the following script to review ALL of the tested ports (plus ping/icmp) this way.

Code:
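#!/bin/sh
# Take the last field of the default route line as the WAN interface
WAN_IF="$(ip route | awk '/^default/{print $NF}')"
i=1023
# Insert one counting rule per TCP port, from 1023 down to 0
while [ "$i" -ge 0 ]; do
    iptables -t raw -I PREROUTING -i "$WAN_IF" -p tcp --dport "$i" -j ACCEPT
    i=$((i - 1))
done
# Count ping (ICMP) arriving on the WAN as well
iptables -t raw -I PREROUTING -i "$WAN_IF" -p icmp -j ACCEPT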

Run Shields Up again and then search for any rules that show ZERO packets.

Code:
iptables -t raw -vnL PREROUTING | egrep '^\s*0'

In my case, I get the following …

Code:
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:135
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:136
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:137
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:138
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:179
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445

Seems about right to me.

You can flush those same rules w/ a reboot.

P.S. The above assumes you're testing Shields Up over the WAN, NOT the VPN.
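
Added example, not part of the post above: a small shell helper that reads the `iptables -t raw -vnL PREROUTING` dump and labels every probe rule as having reached the router or not, instead of only grepping for zero counters. The function names and the sample dump are constructed for illustration (ports and the 4-packet counts follow the post; byte counts are made up), and it assumes the only ACCEPT rules in that chain are the probe rules added above.

```shell
#!/bin/sh
# Added example: classify each probe rule by its packet counter.
# On the router: iptables -t raw -vnL PREROUTING | classify_probes

classify_probes() {
    awk '
        $3 != "ACCEPT" { next }   # skips the "Chain" and column-header lines
        {
            label = $4            # protocol; used as-is for the icmp rule
            for (f = 1; f <= NF; f++)
                if ($f ~ /^dpt:/) { label = $4 "/" substr($f, 5) }
            # Without -x, large counters are abbreviated (e.g. 12K),
            # so only a literal 0 means the router never saw a packet.
            verdict = ($1 == "0") ? "not-seen" : "reached-router"
            print label, verdict
        }'
}

# Only the probes that never arrived on the WAN interface,
# i.e. the ones filtered somewhere upstream of the router.
not_seen_only() {
    classify_probes | awk '$2 == "not-seen" { print $1 }'
}

# Constructed sample dump for offline use.
sample_dump() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 5120 packets, 412K bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   120 ACCEPT     icmp --  vlan2  *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    4   240 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:89
    4   240 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:90
    0     0 ACCEPT     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
EOF
}

sample_dump | classify_probes
```

A port listed as `reached-router` but still reported closed by the scanner is being answered by the router itself; a port listed as `not-seen` never made it to the WAN interface.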
 
Thank you eibgrad. Although I have the least possible understanding of the results, I see that the packets column is 0 for ports 0 through 1023.

I am going to put this system outside the VPN and see if it is them who are blocking those ports. I do hope that is the case, as I have no other idea where to look! LOL

tcp dpt:1023
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:90
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:89
 
Nope, still blocked when outside the VPN, and after running your scripts. I guess it is Spectrum, even though they don't list 89 or 90 as ports they block.

Again, thank you both, ColinTaylor and eibgrad. You guys are very much appreciated. Your depth of knowledge is astounding! Thank you for sharing it with a noob like me!
 
Just to follow up, after suddenly having connection issues with my VPN and chatting with the support, I was given 10 new servers to try out. As soon as I connected to the VPN, the ports were closed again. This was after a perfect stealth score when not connected to the VPN. So it's Nord VPN that are the culprits.
 
Just to follow up, after suddenly having connection issues with my VPN and chatting with the support, I was given 10 new servers to try out. As soon as I connected to the VPN, the ports were closed again. This was after a perfect stealth score when not connected to the VPN. So it's Nord VPN that are the culprits.
Ah! I think I get it now.

I must apologise, all along I thought you were running the GRC test from a client that was excluded from your VPN routing. I assumed that when you said "... and route all but a few devices through the VPN tunnel".

To me it seems obvious that you shouldn't be testing via a VPN as what you'd be testing is the VPN provider's public facing server and not your router. But I shouldn't have assumed that, so apologies again.
 