1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

RT-AC86U unable to prevent router from accepting ping requests from WAN and port 5060 open

Discussion in 'Asuswrt-Merlin' started by nuromen, Feb 17, 2020.

  1. nuromen

    nuromen Occasional Visitor

    Joined:
    Mar 23, 2019
    Messages:
    13
    Greetings,

    I have 2 issues with 384.15 firmware on my RT-AC86U

    In firewall, if I select Respond ICMP Echo (ping) Request from WAN to NO, I can still ping it.

    Running a port scanner I found out that port 5060 is open, why? :-/

    Disabled SIP Passthrough in WAN - NAT Passthrough but port still open.

    Please help.
     
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    33,022
    Location:
    Canada
    Make sure you run the scan from outside the network, not from inside.
     
  3. nuromen

    nuromen Occasional Visitor

    Joined:
    Mar 23, 2019
    Messages:
    13
    Did that
    Pinging from mobile over 4g
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,714
    Location:
    UK
    If you go to canyouseeme.org does it show the same IP address as that in the router's GUI (Network Map > Internet)?

    What network scanner were you using?
     
  5. nuromen

    nuromen Occasional Visitor

    Joined:
    Mar 23, 2019
    Messages:
    13
    Yes, and I'm using net analizer

    I have Asus ddns configured, I ping my address and it should not reply.
     
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,714
    Location:
    UK
    Try scanning port 5060 from the canyouseeme.org website (from a client on your LAN) rather than using your phone. It's possible that your mobile provider is intercepting 5060 traffic and creating a false positive.
     
  7. kernol

    kernol Senior Member

    Joined:
    Feb 24, 2018
    Messages:
    426
    Location:
    South Africa
    Interesting - same thing with my RT-AC86U ... also open to ping from outside - but never used to be ???
    Only 2 big things changed since I previously confirmed ping closed - installed 384.15 and also unbound.
    Otherwise just updates to add-ons per my signature.

    @nuromen - do you have unbound installed?
     
  8. kernol

    kernol Senior Member

    Joined:
    Feb 24, 2018
    Messages:
    426
    Location:
    South Africa
    My port 5060 definitely closed - per your test suggestion - but ping open?
     
  9. nuromen

    nuromen Occasional Visitor

    Joined:
    Mar 23, 2019
    Messages:
    13
    Tested using the mencioned site, gives an error.

    Error: I could not see your service on...
     
    Last edited: Feb 17, 2020
  10. nuromen

    nuromen Occasional Visitor

    Joined:
    Mar 23, 2019
    Messages:
    13
    I do not know what unbound is :-/
     
    kernol likes this.
  11. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,714
    Location:
    UK
    Then I'd say that your mobile provider is blocking that port. Phone companies don't want you using VoIP across their mobile internet because it conflicts with the services they are trying to sell to you.
     
    joe scian and htismaqe like this.
  12. nuromen

    nuromen Occasional Visitor

    Joined:
    Mar 23, 2019
    Messages:
    13
    So by canyouseeme port 5060 is Inaccessible.

    Now how can I configure my router to not respond to ping requests from WAN? Since in webgui no matter what I do, it do not work.
     
  13. htismaqe

    htismaqe Very Senior Member

    Joined:
    Aug 1, 2010
    Messages:
    1,733
    Location:
    Fly Over Country
    I was just going to say, port 5060 is SIP. His carrier is probably blocking it.
     
  14. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,714
    Location:
    UK
    Does it respond to pings when you test it from this web site?

    https://ping.eu/ping/
     
  15. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    12,617
    RT-AX88U v384.15_0 with Unbound running and no ports open or pingable. :)
     
  16. kernol

    kernol Senior Member

    Joined:
    Feb 24, 2018
    Messages:
    426
    Location:
    South Africa
    In my case - no ping response from that site - however, had just rebooted router before test and now no ping response on Fing or Net Analyzer on iPad over mobile to DDNS name from Asus. Go figure ???
     
  17. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    33,022
    Location:
    Canada
    If you have another router in front (for instance if your modem is not bridged), the ping responses might be sent back by that modem, not by your Asus router.
     
  18. TonyK132

    TonyK132 Regular Contributor

    Joined:
    Jul 24, 2017
    Messages:
    191
    I just tested my 14_2 86U, and it responds to pings from this website. I am using a VPN. This is the IP address when connected to the VPN. My actual ISP IP address does not respond from this website.
     
    Last edited: Feb 17, 2020
  19. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,714
    Location:
    UK
    That's expected behaviour then.
     
  20. podkaracz

    podkaracz Regular Contributor

    Joined:
    Jul 3, 2019
    Messages:
    181
    And what if my isp ip address is responding on this website ? https://ping.eu/ping/