Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Opened Ports

  1. #1
    Untangler
    Join Date
    Feb 2008
    Posts
    62

    Default Opened Ports

    Hi All
    I have read a number of ports related to this topic but none seemed to apply to my situation. I could have missed one and if so please feel free to just point me to that thread.

    I did a fresh install of Untangle 8.1. I unchecked the option to view reports externally or remote administration. I added a block in all rule in the firewall. When I ran shields up, I'm seeing four open ports. They are 80, 443, 53 and 389.
    I am clueless as to why this is. I checked to make sure I had the interfaces correct. I disconnected the WAN interface and it was greyed out in interfaces, so that's right.
    Any ideas please?

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Firewall rules only scan traffic through untangle (not to it). You need packet filter rules for that.

    80 and 53 and 389 are not open by default (and actually can't be opened with doing something weird on the command line). are you sure you don't have port forwards in place forwarding these ports?
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    Yeah something is wrong with your installation. Untangle reports 2 ports non-stealth by default. TCP 443, because of remote admin, OpenVPN client distribution, remote report viewing, and remote quarantine viewing. And TCP 22, which reports closed.

    If you see anything else open, either your installation went very wrong, you've somehow gotten it plugged in the wrong way around, or you've tinkered with the configuration.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    True but 443 is open by default, not stealthed.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangler
    Join Date
    Feb 2008
    Posts
    62

    Default Opened Ports

    Yes I am sure there are no port forwards in place. One thing happened during installation and config however that i will mention. After the install completed, I launched the client and got the wizard. During, I realized that it did not detect the intel cards for some reason so I cancelled the wizard, shut down the machine and replaced them with two 3com cards. Both exactly the same. I brought the machine back up, and configured each card. I didn't get the wizard again when I launched the client the second time. Do you think this could somehow have affected the installation and caused this?
    Here's something else, I went home and fired up Backtrack and ran a portscan against it. nmap -sT -O -T3 -P0 <IP Address> and got back a number of open ports. Listed below.

    110/tcp open pop-3
    119/tcp open nntp
    143/tcp open imap2
    389/tcp open ldap
    443/tcp open https
    465/tcp open smtps
    563/tcp open snews
    587/tcp open submission
    993/tcp open imaps
    995/tcp open pop3s
    30
    01/tcp open nessusd
    9535/tcp filtered man
    Too many fingerprints match this host for me to give an accurate OS guess
    Nmap run completed -- 1 IP address (1 host up) scanned in 950 seconds

    If there is no solution, then I guess I'll have to do a reinstall.

  6. #6
    some dude hlarsen's Avatar
    Join Date
    Jul 2010
    Location
    sfba
    Posts
    1,384

    Default

    i'm not sure how that would produce this situation (and it's definitely not normal), but if you installed and it didn't detect any NICs you're probably in re-router mode, which is unsupported and not recommended - i'd just do a reinstall with those 3com cards in the box.

  7. #7
    Untangler
    Join Date
    Feb 2008
    Posts
    62

    Default Opened Ports

    Well I did a reinstall and ran shields up immediately after. Things look better now. The only open port is 443 and I saw in another post how to close that.
    Thanks for the comments.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    Quote Originally Posted by dmorris View Post
    True but 443 is open by default, not stealthed.
    I said non-stealthed... but there it is. Because 443 is open, and 22 is closed? Unless that changed recently.

    To the OP, glad you got it sorted out. I thought the re-router install was going away with 8.0?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Untangler
    Join Date
    Feb 2008
    Posts
    62

    Default Opened Ports

    Now here's a little bit more information. Everything was fine. I switched to advanced mode and ran the wizard. Immediately after I reran shields up and get the same results I had at first with all the ports open. Now, I am supposed to run the wizard when switching to advanced mode am I not, or was that a mistake?

  10. #10
    some dude hlarsen's Avatar
    Join Date
    Jul 2010
    Location
    sfba
    Posts
    1,384

    Default

    switching to advanced mode is an option; if you switch back to normal mode it forces a rerun of the wizard.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2