Posted: Wed Sep 02, 2020 21:17 Post subject: Open firewall ports when upgrading build
Hi, I've flashed a WRT54G2v1 and a WRT54 V6 with v24-sp2-14929 (08/12/10) micro. After upgrading to 40189 or v3.0-r43516 micro generic (following users that reported success use as AP) I'm finding firewall is not working well as gateways. If I revert to 14929, all ports show as stealth.
I've tested with https://www.grc.com/shieldsup that shows open ports (80 and 53). Settings are pretty stock, no port forwarding or UPNP. I'm attaching a picture of results.
Prior and after flashing, factory reset is always applied.
If one of them were put to work as AP only, is it better to stay on 14929 or to upgrade (question here is if with the upgrade it's actually failing or not).
Thanks for your help!
Attachment: SHUP.png (37.43 KB, viewed 3271 times)
Last edited by ohnoo on Fri Sep 11, 2020 19:10; edited 1 time in total
Not clear from your post if this router is configured as a router (w/ active WAN), or configured as a WAP (w/ WAN disabled). If it's the latter, then its firewall is irrelevant. A WAP is bridged to the existing network, and any reports from Shields Up are only reporting the results of the upstream WAN of the primary router.
Hi, both routers were tested as gateway routers. I want to know:
1- If it's possible to run a build newer than 14929 as a gateway with a solid firewall (provided I'm right in concluding there's a flaw, having used the testing method mentioned above)
2- One of them will be used as WAP only (WRT54G V6), then I guess to avoid KRACK vulnerability I should upgrade to the newest build possible?
I ran the test on both units just to rule out a hardware failure.
Always a good idea to use the latest firmware, esp. if the router will be configured as a router. When configured as a WAP, it's usually less critical, but still a good idea, esp. if there are known wifi vulnerabilities w/ the old firmware.
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Thu Sep 03, 2020 7:38 Post subject:
Things have changed a lot. Have you done a full reset and put settings in manually?
I have multiple routers running with recent builds, but none as old as your router; the oldest is a Linksys E2000. So of course it could be something specific for your router (Linux K 2.4); in that case you should file a bug report.
Code:
GRC Port Authority Report created on UTC: 2020-09-03 at 07:33:18
Things have changed a lot. Have you done a full reset and put settings in manually?
Yes, factory resets before and after flashing, power cycle, manual settings, Waterfox explorer.
I know they are old, I was working with an e900, but it's bricked in a way serial recovery is useless (all lights solid and dimmed on) so I went on with these two oldies. If they are still supported I'll search how to file a bug report. If not, I'll leave them just for AP.
Joined: 06 Jun 2006 Posts: 7463 Location: Dresden, Germany
Posted: Fri Sep 18, 2020 8:05 Post subject: Re: Open firewall ports when upgrading build
ohnoo wrote:
Hi, I've flashed a WRT54G2v1 and a WRT54 V6 with v24-sp2-14929 (08/12/10) micro. After upgrading to 40189 or v3.0-r43516 micro generic (following users that reported success use as AP) I'm finding firewall is not working well as gateways. If I revert to 14929, all ports show as stealth.
I've tested with https://www.grc.com/shieldsup that shows open ports (80 and 53). Settings are pretty stock, no port forwarding or UPNP. I'm attaching a picture of results.
Prior and after flashing, factory reset is always applied.
If one of them were put to work as AP only, is it better to stay on 14929 or to upgrade (question here is if with the upgrade it's actually failing or not).
Thanks for your help!
not much info about your firewall configuration
_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
Joined: 06 Jun 2006 Posts: 7463 Location: Dresden, Germany
Posted: Fri Sep 18, 2020 9:27 Post subject:
bug found and fixed. will be included in next release. usually already today
bug found and fixed. will be included in next release. usually already today
I tried to get iptables status but neither the web interface nor the telnet CLI works. Firewall configuration hasn't been changed from factory.
Update: I've read your reply in the svn ticket https://svn.dd-wrt.com/ticket/7234#no2
So iptables doesn't produce output on micros for its own limitations. Is there another way to get that?
Thanks for your help. I'll wait for that and report further tests.
bug found and fixed. will be included in next release. usually already today
Sorry for the n00b question. The changeset for this fix is 44407, but the build for Sept 18, 2020 is r44406; changeset 44406 is dated Sept 17. Is r44406 just a reference point?
Last edited by js290 on Sat Sep 19, 2020 1:10; edited 2 times in total
Posted: Sat Sep 19, 2020 1:08 Post subject: Re: Open firewall ports when upgrading build
ohnoo wrote:
Hi, I've flashed a WRT54G2v1...
I've also been testing dd-wrt on the WRT54G2v1. The one I have is horrible for latency sensitive apps like RDP, which I noted in this thread. Web surfing and streaming seem fine. What's your experience with your G2?
BTW, I'm running v3.0-r44251 micro (08/27/20) on my G2. I ran nmap against the WAN interface, and I'm not seeing the port open issue you are.
Code:
# nmap -p 1-1055 10.23.21.46
Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-18 21:42 EDT
Nmap scan report for 10.23.21.46
Host is up (0.0023s latency).
Not shown: 1051 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp closed domain
80/tcp closed http
514/tcp closed shell
MAC Address: 00:21:29:D5:26:FB (Cisco-Linksys)
Nmap done: 1 IP address (1 host up) scanned in 19.09 seconds
Upgraded to v3.0-r44406 micro (09/18/20) with same nmap results (and same latency issue).
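One way to make the before/after firmware comparison in this thread repeatable, as an added example that is not part of any post: it parses the port table of a WAN-side nmap scan and reports ports that became open after an upgrade. The first sample is the port table quoted above; the second is constructed to mirror the reported symptom (80 and 53 open), and the allow-list entry for port 22 is an assumption.

```python
import re

# Port table from the nmap run quoted above (pre-upgrade baseline).
SCAN_OK = """\
Not shown: 1051 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp closed domain
80/tcp closed http
514/tcp closed shell
"""
# Constructed sample: the same table with the symptom reported in this thread.
SCAN_REGRESSED = """\
Not shown: 1051 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
514/tcp closed shell
"""

# Matches lines such as "80/tcp closed http"; state is kept verbatim so that
# compound states like "open|filtered" are not mistaken for "open".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)

def parse_ports(nmap_text):
    """Return {(port, proto): (state, service)} for every listed port line."""
    return {(int(p), proto): (state, svc)
            for p, proto, state, svc in PORT_LINE.findall(nmap_text)}

def unexpected_open(nmap_text, allowed=frozenset()):
    """Ports reported 'open' on the WAN side that are not in the allow-list."""
    return sorted(key for key, (state, _) in parse_ports(nmap_text).items()
                  if state == "open" and key not in allowed)

def regressions(before_text, after_text):
    """Ports that were not open before the upgrade but are open after it."""
    before, after = parse_ports(before_text), parse_ports(after_text)
    # Ports absent from the baseline table were "not shown", i.e. not open.
    return sorted(k for k, (state, _) in after.items()
                  if state == "open" and before.get(k, ("filtered",))[0] != "open")

if __name__ == "__main__":
    allowed = {(22, "tcp")}  # assumption: SSH on WAN was enabled deliberately
    print("unexpected open:", unexpected_open(SCAN_REGRESSED, allowed))
    print("opened by upgrade:", regressions(SCAN_OK, SCAN_REGRESSED))
```

nmap's "filtered" state corresponds to what ShieldsUp calls "stealth"; "closed" means the port answered with a reset but no service is listening.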