My Republic Closed Ports

Forums › New Zealand Broadband › My Republic Closed Ports

meetmarvin

14 posts

Geek

#272906 23-Jul-2020 19:30

Hi,

I just want to ask if anyone here can confirm if all ports are open if you avail static public IP from MyRepublic?

I'm sure that the port from my firewall is open but I can't access it from the internet. I talked to them via live chat but still not very helpful. Any help will be appreciated. Thank you in advance!

1 | 2

8950 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2527897 23-Jul-2020 19:37

Hi what's your router reporting for a wan address, please mask or obscure the last two octets, and what does a Google of what's my ip address return.

Cyril

MightyApe

You will find anything you want at MightyApe (affiliate link).

meetmarvin

14 posts

Geek

#2527898 23-Jul-2020 19:43

Hi Cyril,

My public IP is 158.140.XXX.XXX

Port Scan:
https://www.ipvoid.com/port-scan/

IP: 158.140.231.234
Port: 2200

Port Scanning Results

Port
Type
Status
Service

2200
TCP
Filtered
ici

Thanks!

sparkz25

750 posts

Ultimate Geek
Inactive user

#2527900 23-Jul-2020 19:52

What router are you using?

meetmarvin

14 posts

Geek

#2527940 23-Jul-2020 20:22

barebone mini server running pfsense

nztim

2834 posts

Uber Geek

ID Verified

Trusted

TEAMnetwork

Subscriber

#2527959 23-Jul-2020 21:33

have you created a nat rule as well as firewall rule?

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

hio77

'That VDSL Cat'
12984 posts

Uber Geek

ID Verified

Trusted

Voyager

Subscriber

#2527968 23-Jul-2020 21:48

nztim: have you created a nat rule as well as firewall rule?

Double check this, pfsense isn't exactly the easiest of interfaces.

However, i'd also recommend you check your IP address on the WAN interface matches what you go from that IP site.

last i checked myrepublic is CGNAT by default, which would likely be why opening ports isn't working.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

clinty

1129 posts

Uber Geek

Lifetime subscriber

#2527974 23-Jul-2020 21:54

meetmarvin:
Hi,

I just want to ask if anyone here can confirm if all ports are open if you avail static public IP from MyRepublic?

I'm sure that the port from my firewall is open but I can't access it from the internet. I talked to them via live chat but still not very helpful. Any help will be appreciated. Thank you in advance!

Our connectionhas all ports open

Clint

cyril7

8950 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2528001 24-Jul-2020 07:14

Hi, I did an nmap of that IP and all ports are filtered, but that could be pfsense blocking.

So just to clarify, you say you ordered a static IP, is that correct, because by default MR use CG-NAT which will prevent you from allowing inbound connection initiation, however if you are on a static IP it will allow you to do so.

the 158.140.x.x address, is that what is reported by googling "whats my ip address" or is that what is reported in your router as the IP issued by MR via DHCP, this may be different, hence I asked for both, if the DHCP issued address is in the subnet 100.64.0.0/10 then you are on CG-NAT.

Cyril

meetmarvin

14 posts

Geek

#2528419 24-Jul-2020 22:06

Hi, I can confirm that the test port is reaching my firewall.

From pfsense, I did a tcpdump and I saw my test port

21:50:42.439730 IP 157.230.182.101.41697 > 158.140.231.234.2200: Flags [S], seq 3692940987, win 1024, options [mss 1460], length 0
21:50:43.440579 IP 157.230.182.101.41698 > 158.140.231.234.2200: Flags [S], seq 3692875450, win 1024, options [mss 1460], length 0

I also check the realtime firewall log from GUI and it is showing that

Thank you all for your help. I'm happy to close this thread now.

Cheers!

meetmarvin

14 posts

Geek

#2529222 27-Jul-2020 02:26

clinty:
meetmarvin:

Hi,

I just want to ask if anyone here can confirm if all ports are open if you avail static public IP from MyRepublic?

I'm sure that the port from my firewall is open but I can't access it from the internet. I talked to them via live chat but still not very helpful. Any help will be appreciated. Thank you in advance!

Our connectionhas all ports open

Clint

Hi Clint,

Thank you again for your help. I thought that everything is good but still no luck. The weird thing is port 2600 and port 2601 are open. All other ports are filtered. So I'm thinking that the problem is the return traffic.

Please see below:

--------------------------
Port scan result (https://www.ipvoid.com/port-scan/):

--------------------------
TCPdump:

--------------------------
pfSense firewall rules:

--------------------------
pfSense firewall log:

I hope someone can help me resolve this issue. Thank you very much in advance!

cyril7

8950 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2529227 27-Jul-2020 06:48

Hi, ummmmm, not used pfsense before, but drag rule three to the top above the two drop rules, I also presume you have put in a nat rule to tell the router where to forward port 2200 traffic to.

Cyril

hio77

'That VDSL Cat'
12984 posts

Uber Geek

ID Verified

Trusted

Voyager

Subscriber

#2529229 27-Jul-2020 07:04

Looks like your missing the Nat rule. You have allowed the port in the firewall. But not told the router where to pass that data to.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

meetmarvin

14 posts

Geek

#2529299 27-Jul-2020 10:25

cyril7:

Hi, ummmmm, not used pfsense before, but drag rule three to the top above the two drop rules, I also presume you have put in a nat rule to tell the router where to forward port 2200 traffic to.

Cyril

Hi Cyril, I can't move rule 3 since the first two rules are default. Editing rule 3 to port 2601 is working so I know that the arrangement is right. I don't have a NAT rule since the port number I want to use is for uptime monitoring. I don't want to use ICMP because of possible DoS to my firewall.

Thank you very much!

meetmarvin

14 posts

Geek

#2529301 27-Jul-2020 10:29

hio77: Looks like your missing the Nat rule. You have allowed the port in the firewall. But not told the router where to pass that data to.

Hi,

I don't have a NAT rule since I will not use port forwarding. That is for uptime monitoring. The thing that confused me is when I tried port 2600 and port 2601, it worked. Other than those ports, All ports I tried didn't work

Thank you!

hio77

'That VDSL Cat'
12984 posts

Uber Geek

ID Verified

Trusted

Voyager

Subscriber

#2529377 27-Jul-2020 11:43

meetmarvin:
hio77: Looks like your missing the Nat rule. You have allowed the port in the firewall. But not told the router where to pass that data to.

Hi,

I don't have a NAT rule since I will not use port forwarding. That is for uptime monitoring. The thing that confused me is when I tried port 2600 and port 2601, it worked. Other than those ports, All ports I tried didn't work

Thank you!

But if your opening the port but not giving it anything to connect to... How's that going to monitor uptime?

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

1 | 2