Open wan ports TL-ER7206
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi,
I just setup my ER7206 and im managing it from a omada oc200. I did a off site port scan and have this ports open (wan):
53/udp open|filtered domain
111/udp open|filtered rpcbind
192/udp open|filtered osu-nms
502/udp open|filtered mbap
539/udp open|filtered apertus-ldp
989/udp open|filtered ftps-data
im new in the omada ecosystem and wonder whats the best approach to stop this ports being accesible from the internet (wan). I dont really mind if the ports are seen from the lan side.
Any extra sugested actions to "secure" my ER7206?
Thanks :-)
Hi @azarug
Thanks for posting in our business forum.
I find something not true in your statement.
First, ER7206 V2 has the latest firmware release in Jan 2024. Is your model ER7206 V1 or V2?
Second, I did a test on ER7206 V1's latest firmware in Dec 2023, this does not reveal any ports open.
You may share your nmap result here and mosaic partially if your IP is a public one.
Hi, thanks for the quick reply and all the efford used in helping.
About model and firmware version ive misled using a specific date, i just met "latest" at a specific day to avoid misleading in future dates.
About the port scan its a WAN to WAN scan. But i just noticed that the Linux scan returns different results from the Windows scan. Im not sure its due to using 2 different ISP in the scan or not. Its a simple nmap using the same parameters "nmap -sS -sU -T4 -A -v {router_public_wan_ip}".
At this moment im not sure if its a nmap windows/linux thing or a isp thing.
Anyways, is there a way to fine tune the firewall im a omada setup?
Thanks
Hi @azarug
Thanks for posting in our business forum.
azarug wrote
Hi, thanks for the quick reply and all the efford used in helping.
About model and firmware version ive misled using a specific date, i just met "latest" at a specific day to avoid misleading in future dates.
About the port scan its a WAN to WAN scan. But i just noticed that the Linux scan returns different results from the Windows scan. Im not sure its due to using 2 different ISP in the scan or not. Its a simple nmap using the same parameters "nmap -sS -sU -T4 -A -v {router_public_wan_ip}".
At this moment im not sure if its a nmap windows/linux thing or a isp thing.
Anyways, is there a way to fine tune the firewall im a omada setup?
Thanks
So, from a WAN scan, testing the same WAN interface, in both Linux or Windows scans, they show ports like 53, 363, 559 and 773 open? And the result is consistent?
I gotta confirm this before I make my next move.
Do you have any port forwarding set on your router? Paste a screenshot.
The WAN does not matter because two WANs are getting two different IPs. I am simply using the scan instead of traceroute on the nmap and the result shows no port opened.
If possible and necessary, are you willing to debug with us? Which I need to know your time zone and your available time during the workdays. I need to check if we have a suitable time.