Unknown service with TCP port open on the WAN interface of the router

[collations_interrena]

Hello,

I just finished configuring my new RT-BE86U with the last merlin firmware for it (3006.102.5) and after installing RTRMON with AMTM, I've runned a diagnostic for "fun" and here are the results for the Nmap port scan

I don't understand why the 8083 tcp port is open on my WAN interface (and also on the LAN interface). I can telnet it from the router itself and something is running. But I don't know what to do next.
How can I know why this port is open? Is it even normal? My guess is the router should not be exposed to the web with an open port and the WAN side. I'm not using any service like airdisk or aircloud (everything is disabled in the gui)

Also, yes I know, I have a private IP on the WAN, it's because I'm on a double NAT situation with a router from my ISP in front of the BE86U.
For now, the BE86U is not exposed anyway because of this but I was planning to make all the traffic going directly toward the Asus.

I woud appreciate any help about this concern.

 

[dave14305]

Run:

netstat -nltp | grep :8083

to see what process is listening.

Then see if you can reach the port from the 192.168.1.0 subnet instead of from the router itself. The firewall will block traffic from the WAN port, so running nmap on the router can be misleading.

 

[collations_interrena]

The result of netstat :

tcp 0 0 0.0.0.0:8083 0.0.0.0:* LISTEN 3797/uamsrv

I can't test to reach the port from the subnet 192.168.1.0 itself because I can't do much from my ISP router directly

 

[jacklul]

iptables -L -nv --line-numbers | grep 8083

If you can't see any rule related to this port then you're good, default policy is to BLOCK everything unless ACCEPT rule is present.
Sometimes a program listens on all network interfaces (0.0.0.0) but internally filters out packets, only accepting those from specific sources it’s configured to allow.

 

[collations_interrena]

No result in iptables for 8083
Also, I've found a file "uamsrv.conf" and a folder "uamsrv" inside /tmp

I'm unsure yet if it's related to captive portal (I've seen this, while looking for more information) but I don't have any captive portal active (but maybe the daemon still run anyway?)

 

[collations_interrena]

Seem very related to captive portal.
Inside "/tmp/uamsrv/www" folder, there is a uam.html and Bypass.html and both are mentioning it

Did I miss something to deactivate it? I don't it's active. Maybe the daemon still running anyway

 

[dave14305]

No result in iptables for 8083

Check all tables by running:

iptables-save -c | grep 8083

If it’s there, it would probably be used in the NAT table.

 

[collations_interrena]

No result at all