Dyndns default port 80 is open

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
andrea_m83
DD-WRT User


Joined: 16 Jun 2020
Posts: 50

PostPosted: Mon Aug 30, 2021 23:38    Post subject: Dyndns default port 80 is open Reply with quote
Hi everyone, I need to reach the web gui of my router remotely on a port other than 80. even disabling the remote access from "Administration-> Management", this port remains open, while the non-standard port 8888 closes. How can I avoid accessing the web management only with my dyndns.org address (80)?

My router is a Netgear r67000v3 whith firmware DD-WRT v3.0-r46854 std
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 9596
Location: Netherlands

PostPosted: Tue Aug 31, 2021 9:35    Post subject: Reply with quote
Do what all security aware users are doing when they want to remotely access their router or LAN: Use OpenVPN or WireGuard

Furthermore there are no ports open unless you open them.

DynDNs has nothing to do with ports, it just gives you your WAN IP address

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 524
Location: Earth

PostPosted: Tue Aug 31, 2021 9:46    Post subject: Re: Dyndns default port 80 is open Reply with quote
andrea_m83 wrote:
Hi everyone, I need to reach the web gui of my router remotely on a port other than 80. even disabling the remote access from "Administration-> Management", this port remains open, while the non-standard port 8888 closes. How can I avoid accessing the web management only with my dyndns.org address (80)?

My router is a Netgear r67000v3 whith firmware DD-WRT v3.0-r46854 std


Regarding port 80 being open, i assume you're referring to Enable site info being enabled, simply disable this, not sure why this is still enabled as a default setting, must be a reason but seems odd to me.
Administration>Web Access> Enable info Site Disable
or if you have had port 80 make sure you have disabled it in Remote access.
to reach your domain on a different port eg: http://mydomain.com:port
But as egc has already pointed out having ports open is not really safe and your far better running a vpn server on the router and vpn client on devices connecting to the sever. egc has written some great tuto's in sticky section https://forum.dd-wrt.com/phpBB2/viewforum.php?f=53

_________________
Netgear R7800 PPPoE Main Router
Network IPV4 eth1 - Isolated Vlan eth1.3 on br1 For IoT Devices With 3 x Linksys velop Bridged mesh Nodes (Amazon Echos, smart TV's, etc.)
BT Whole Home 4 Node Mesh Wi-Fi, Router Wi-Fi Disabled. OVPN Server With Paid OVPN client & Wireguard Client.
Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 12439
Location: Texas, USA

PostPosted: Tue Aug 31, 2021 18:18    Post subject: Re: Dyndns default port 80 is open Reply with quote
foz111 wrote:
Regarding port 80 being open, i assume you're referring to Enable site info being enabled, simply disable this, not sure why this is still enabled as a default setting, must be a reason but seems odd to me.
Administration>Web Access> Enable info Site Disable

This should always be one of the first settings you disable besides the ttraff daemon. I really think this page should be disabled by default as well, or changed to not give out the router information, whatsoever.

_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware‽
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is‽
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 524
Location: Earth

PostPosted: Wed Sep 01, 2021 12:09    Post subject: Reply with quote
KP Can the ttraff daemon be flushed manually now a days using the Data Administration delete tab?
i have mine disabled but just asking as i was unsure if that was what the tab is was used for?

_________________
Netgear R7800 PPPoE Main Router
Network IPV4 eth1 - Isolated Vlan eth1.3 on br1 For IoT Devices With 3 x Linksys velop Bridged mesh Nodes (Amazon Echos, smart TV's, etc.)
BT Whole Home 4 Node Mesh Wi-Fi, Router Wi-Fi Disabled. OVPN Server With Paid OVPN client & Wireguard Client.
Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 3881

PostPosted: Wed Sep 01, 2021 12:28    Post subject: Reply with quote
https://forum.dd-wrt.com/wiki/index.php/Useful_Scripts#Remove_unused_NVRAM_parameters

"This script will clear all of ttraff's traffic data from nvram whereas using the ttraff GUI button to delete it still leaves the current month's variable."

Code:
for i in `nvram show | grep traff- | cut -f1 -d=""`; do nvram unset $i; done
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 524
Location: Earth

PostPosted: Wed Sep 01, 2021 12:55    Post subject: Reply with quote
I wasn't sure if that was still the case, nice 1 blkt.

blkt wrote:
https://forum.dd-wrt.com/wiki/index.php/Useful_Scripts#Remove_unused_NVRAM_parameters

"This script will clear all of ttraff's traffic data from nvram whereas using the ttraff GUI button to delete it still leaves the current month's variable."

Code:
for i in `nvram show | grep traff- | cut -f1 -d=""`; do nvram unset $i; done

_________________
Netgear R7800 PPPoE Main Router
Network IPV4 eth1 - Isolated Vlan eth1.3 on br1 For IoT Devices With 3 x Linksys velop Bridged mesh Nodes (Amazon Echos, smart TV's, etc.)
BT Whole Home 4 Node Mesh Wi-Fi, Router Wi-Fi Disabled. OVPN Server With Paid OVPN client & Wireguard Client.
Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 12439
Location: Texas, USA

PostPosted: Wed Sep 01, 2021 14:58    Post subject: Reply with quote
That information was added in 2012; has anyone tested to verify if that is still the case? Sorry, gotta play Devil's advocate here. I don't use that feature, but if someone wants to test it and verify, that would be great.
_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware‽
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is‽
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
gin-n-tonic
DD-WRT User


Joined: 30 Jun 2014
Posts: 50
Location: California

PostPosted: Fri Sep 03, 2021 19:13    Post subject: Reply with quote
Worked for me. (Netgear WNDR3700v4 r47206, Netgear XR500 r47282)

Code:
for i in `nvram show | grep traff- | cut -f1 -d=""`; do nvram unset $i; done


[edit] Oops Embarassed Something soft-bricked my WNDR3700v4. Don't what caused that, but this was one of things I was playing with just before. [/edit]
andrea_m83
DD-WRT User


Joined: 16 Jun 2020
Posts: 50

PostPosted: Sat Sep 04, 2021 0:40    Post subject: Re: Dyndns default port 80 is open Reply with quote
foz111 wrote:
andrea_m83 wrote:
Hi everyone, I need to reach the web gui of my router remotely on a port other than 80. even disabling the remote access from "Administration-> Management", this port remains open, while the non-standard port 8888 closes. How can I avoid accessing the web management only with my dyndns.org address (80)?

My router is a Netgear r67000v3 whith firmware DD-WRT v3.0-r46854 std


Regarding port 80 being open, i assume you're referring to Enable site info being enabled, simply disable this, not sure why this is still enabled as a default setting, must be a reason but seems odd to me.
Administration>Web Access> Enable info Site Disable
or if you have had port 80 make sure you have disabled it in Remote access.
to reach your domain on a different port eg: http://mydomain.com:port
[/url]


Port 80 can still be reached by disabling the option, I don't know why.
gin-n-tonic
DD-WRT User


Joined: 30 Jun 2014
Posts: 50
Location: California

PostPosted: Sat Sep 04, 2021 3:02    Post subject: Re: Dyndns default port 80 is open Reply with quote
andrea_m83 wrote:
Port 80 can still be reached by disabling the option, I don't know why.


Just a stab in the dark here, but you are sure that you are seeing the open port on the dd-wrt router, instead of seeing an open port on your modem?
andrea_m83
DD-WRT User


Joined: 16 Jun 2020
Posts: 50

PostPosted: Sun Sep 05, 2021 20:51    Post subject: Re: Dyndns default port 80 is open Reply with quote
gin-n-tonic wrote:
andrea_m83 wrote:
Port 80 can still be reached by disabling the option, I don't know why.


Just a stab in the dark here, but you are sure that you are seeing the open port on the dd-wrt router, instead of seeing an open port on your modem?


Dyndns is under dd-wrt, on another subnet than the isp modem.
No type of port mapping is configured on the latter
lexridge
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 540
Location: WV, USA

PostPosted: Mon Sep 06, 2021 1:41    Post subject: Re: Dyndns default port 80 is open Reply with quote
andrea_m83 wrote:
gin-n-tonic wrote:
andrea_m83 wrote:
Port 80 can still be reached by disabling the option, I don't know why.


Just a stab in the dark here, but you are sure that you are seeing the open port on the dd-wrt router, instead of seeing an open port on your modem?


Dyndns is under dd-wrt, on another subnet than the isp modem.
No type of port mapping is configured on the latter

No idea if it's related or not, but I once had this problem. Both ports 22 and 80 were both opened even when they were disabled on the remote side. I had to do a full reset and manual restore in order to fix it.

_________________
Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r48741
Features in use: multiple VLANs, Samba, OpenVPN, WireGuard, Entware: mqtt, mlocate, gcc

Netgear R6250 (AP, VAP) - DD-WRT r48741
Features in use: multiple VLANs over single trunk port, multiple VAPs

Linksys EA8500 (Gateway Backup) - DD-WRT r48741

Netgear R7800 - DD-WRT r48741 - Just for fun

OSes: Fedora 34, 7x RPis (2,3,4), 16x ESP8266s: Straight from Amiga to Linux in '94. Never having owned a Windows PC.

Member #248
andrea_m83
DD-WRT User


Joined: 16 Jun 2020
Posts: 50

PostPosted: Wed Sep 08, 2021 22:54    Post subject: Re: Dyndns default port 80 is open Reply with quote
lexridge wrote:
No idea if it's related or not, but I once had this problem. Both ports 22 and 80 were both opened even when they were disabled on the remote side. I had to do a full reset and manual restore in order to fix it.


Not works for me...I am really amazed by this issue! Shocked
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 524
Location: Earth

PostPosted: Thu Sep 09, 2021 9:49    Post subject: Re: Dyndns default port 80 is open Reply with quote
andrea_m83 wrote:
lexridge wrote:
No idea if it's related or not, but I once had this problem. Both ports 22 and 80 were both opened even when they were disabled on the remote side. I had to do a full reset and manual restore in order to fix it.


Not works for me...I am really amazed by this issue! Shocked


So your saying after a factory reset (and not restored your settings) you've disabled site info and checked UPNP is disabled (which it should be i believe after a factory reset) and you can still reach your router login page?
Is this the main router?
If so check your modem i would suggest.

_________________
Netgear R7800 PPPoE Main Router
Network IPV4 eth1 - Isolated Vlan eth1.3 on br1 For IoT Devices With 3 x Linksys velop Bridged mesh Nodes (Amazon Echos, smart TV's, etc.)
BT Whole Home 4 Node Mesh Wi-Fi, Router Wi-Fi Disabled. OVPN Server With Paid OVPN client & Wireguard Client.
Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum