Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi
Please check the attached image for reference.
These are open port in my router. Should I keep them open? I am a regular internet user which:
browses internet
plays online games
uploads and downloads content
I am not hosting any server. Do any of these port is used by ISP for remote management (when my internet is not working)? Which of these port I can close without affecting my internet?
Thanks
Do any of these port is used by ISP for remote management (when my internet is not working)?
Ethically speaking, it is less likely.
Quote:
Which of these port I can close without affecting my internet?
If you are booting from the hard disk you don't need tftp/69, you can close this port it is needed only when you are running diskless workstation. You can also close port 23 if you access your router from a webpage URL, e.g. http://192.168.0.1 or the like. And if you are not monitoring your toaster through the network you may close port 161. So far that is acceptable in today's most connections.
Most of these ports are only enabled on LAN which means they can only be accessed from your PC, not from the internet. Even your ISP can't access them without first being given access to your PC.
The only service enabled on WAN (the internet) is ICMP which doesn't give anyone access to your PC, it only allows computers on the internet to check if your IP address is in use. A lot of home routers would have ICMP disabled by default because you usually don't need it, and if your router is not responding to pings then any attackers that are scanning the internet for targets might skip your IP address.
You definitely want to keep HTTP enabled on LAN because that is how you access your router to check and change settings.
The ports shown on the screenshot are just for the services running on the router, and they are only turned on for your local PC (apart from ICMP). This is not the firewall settings like most people here seem to think. You don't want to turn off port 80 because that is the easiest way to access the settings for your router, if you turn that off you won't be able to look at your router settings any more.
Turning off port 21 on the menu in the screenshot won't change anything for you download/uploading on the internet, it will only stop you being able to connect to port 21 on your router to upload/download from your router.
The ports shown on the screenshot are just for the services running on the router, and they are only turned on for your local PC (apart from ICMP). This is not the firewall settings like most people here seem to think. You don't want to turn off port 80 because that is the easiest way to access the settings for your router, if you turn that off you won't be able to look at your router settings any more.
Turning off port 21 on the menu in the screenshot won't change anything for you download/uploading on the internet, it will only stop you being able to connect to port 21 on your router to upload/download from your router.
Please elaborate last line "upload/download form your router" what does that mean? and how it is different from uploading/downloading from internet? Does it include connecting to my mobile via ftp?
Regards
Please elaborate last line "upload/download form your router" what does that mean? and how it is different from uploading/downloading from internet? Does it include connecting to my mobile via ftp?
Regards
If you FTP to your router from your pc you may be able to download the configuration or to upload a system upgrade to your router. This is something you would normally do with http on port 80 since it is easier for normal users.
This is not a firewall setting so it would have nothing to do with connecting to FTP on your mobile. If you wanted to allow or restrict access to an FTP server running on your mobile you would do this in the firewall/NAT section of your router configuration.
It is a custom made router by ISP and it did not provide any manual.
Also close port 80?
Well, that cinches it down a bit. Thanks.
Closing 80 should not affect your browsing experience, unless you are serving http content.
The router could be serving content, but deny it down by closing port 80...?
Your ISP surely has it set to re-open on restart/reboot/reset if they need/require it to be open.
Yes. Summary is:
Closing all these ports would not affect browsing, uploading/download
However, if one want access to router through browser then port 80 should be enabled.
So port 80 is one the most important here
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.