LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-24-2016, 12:33 PM   #1
zetrotrack000
Member
 
Registered: Dec 2011
Posts: 401

Rep: Reputation: Disabled
Router open ports


Hi
Please check the attached image for reference.
These are open port in my router. Should I keep them open? I am a regular internet user which:
browses internet
plays online games
uploads and downloads content
I am not hosting any server. Do any of these port is used by ISP for remote management (when my internet is not working)? Which of these port I can close without affecting my internet?
Thanks
Attached Thumbnails
Click image for larger version

Name:	openports.png
Views:	46
Size:	17.2 KB
ID:	23363  
 
Old 10-24-2016, 01:36 PM   #2
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498Reputation: 498Reputation: 498Reputation: 498Reputation: 498
Quote:
Do any of these port is used by ISP for remote management (when my internet is not working)?
Ethically speaking, it is less likely.

Quote:
Which of these port I can close without affecting my internet?
If you are booting from the hard disk you don't need tftp/69, you can close this port it is needed only when you are running diskless workstation. You can also close port 23 if you access your router from a webpage URL, e.g. http://192.168.0.1 or the like. And if you are not monitoring your toaster through the network you may close port 161. So far that is acceptable in today's most connections.

Hope that helps. Good luck and enjoy.

m.m.
 
Old 10-24-2016, 01:38 PM   #3
zetrotrack000
Member
 
Registered: Dec 2011
Posts: 401

Original Poster
Rep: Reputation: Disabled
What about ports 21 and 80.
Some forum posts suggest that 80 can be safely closed?
Also that "ICMP"?
 
Old 10-24-2016, 01:41 PM   #4
af7567
Member
 
Registered: Nov 2012
Posts: 275

Rep: Reputation: 96
Most of these ports are only enabled on LAN which means they can only be accessed from your PC, not from the internet. Even your ISP can't access them without first being given access to your PC.

The only service enabled on WAN (the internet) is ICMP which doesn't give anyone access to your PC, it only allows computers on the internet to check if your IP address is in use. A lot of home routers would have ICMP disabled by default because you usually don't need it, and if your router is not responding to pings then any attackers that are scanning the internet for targets might skip your IP address.

You definitely want to keep HTTP enabled on LAN because that is how you access your router to check and change settings.
 
Old 10-24-2016, 01:44 PM   #5
zetrotrack000
Member
 
Registered: Dec 2011
Posts: 401

Original Poster
Rep: Reputation: Disabled
Hmm... now we come to port 21 (by ftp). Why should I keep it enabled? or not?
 
Old 10-25-2016, 04:00 AM   #6
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498Reputation: 498Reputation: 498Reputation: 498Reputation: 498
Quote:
Originally Posted by zetrotrack000 View Post
Hmm... now we come to port 21 (by ftp). Why should I keep it enabled? or not?
You said "uploads and downloads content". Downloading might be through ftp when no http/80 is available.

Hope that helps.

m.m.
 
Old 10-25-2016, 05:50 AM   #7
zetrotrack000
Member
 
Registered: Dec 2011
Posts: 401

Original Poster
Rep: Reputation: Disabled
Hmm... Thanks a lot
 
Old 10-25-2016, 06:13 AM   #8
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
How about Read the Router documentation?
I have a router and only one of those ports is open and forwards to a Virtualbox.local.
My stuff works.

Leave 22 open, the rest, I'd close.

Last edited by Habitual; 10-25-2016 at 06:16 AM.
 
1 members found this post helpful.
Old 10-25-2016, 06:27 AM   #9
zetrotrack000
Member
 
Registered: Dec 2011
Posts: 401

Original Poster
Rep: Reputation: Disabled
It is a custom made router by ISP and it did not provide any manual.
Also close port 80?

Last edited by zetrotrack000; 10-25-2016 at 07:18 AM.
 
Old 10-25-2016, 07:30 AM   #10
af7567
Member
 
Registered: Nov 2012
Posts: 275

Rep: Reputation: 96
The ports shown on the screenshot are just for the services running on the router, and they are only turned on for your local PC (apart from ICMP). This is not the firewall settings like most people here seem to think. You don't want to turn off port 80 because that is the easiest way to access the settings for your router, if you turn that off you won't be able to look at your router settings any more.

Turning off port 21 on the menu in the screenshot won't change anything for you download/uploading on the internet, it will only stop you being able to connect to port 21 on your router to upload/download from your router.
 
Old 10-25-2016, 07:33 AM   #11
zetrotrack000
Member
 
Registered: Dec 2011
Posts: 401

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by af7567 View Post
The ports shown on the screenshot are just for the services running on the router, and they are only turned on for your local PC (apart from ICMP). This is not the firewall settings like most people here seem to think. You don't want to turn off port 80 because that is the easiest way to access the settings for your router, if you turn that off you won't be able to look at your router settings any more.

Turning off port 21 on the menu in the screenshot won't change anything for you download/uploading on the internet, it will only stop you being able to connect to port 21 on your router to upload/download from your router.
Please elaborate last line "upload/download form your router" what does that mean? and how it is different from uploading/downloading from internet? Does it include connecting to my mobile via ftp?
Regards
 
Old 10-25-2016, 08:07 AM   #12
af7567
Member
 
Registered: Nov 2012
Posts: 275

Rep: Reputation: 96
Quote:
Originally Posted by zetrotrack000 View Post
Please elaborate last line "upload/download form your router" what does that mean? and how it is different from uploading/downloading from internet? Does it include connecting to my mobile via ftp?
Regards
If you FTP to your router from your pc you may be able to download the configuration or to upload a system upgrade to your router. This is something you would normally do with http on port 80 since it is easier for normal users.

This is not a firewall setting so it would have nothing to do with connecting to FTP on your mobile. If you wanted to allow or restrict access to an FTP server running on your mobile you would do this in the firewall/NAT section of your router configuration.
 
Old 10-25-2016, 08:08 AM   #13
zetrotrack000
Member
 
Registered: Dec 2011
Posts: 401

Original Poster
Rep: Reputation: Disabled
Thanks a lot
 
Old 10-25-2016, 08:09 AM   #14
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by zetrotrack000 View Post
It is a custom made router by ISP and it did not provide any manual.
Also close port 80?
Well, that cinches it down a bit. Thanks.
Closing 80 should not affect your browsing experience, unless you are serving http content.
The router could be serving content, but deny it down by closing port 80...?
Your ISP surely has it set to re-open on restart/reboot/reset if they need/require it to be open.

Have at it, there's always reset.

Last edited by Habitual; 10-25-2016 at 08:14 AM.
 
Old 10-25-2016, 08:12 AM   #15
zetrotrack000
Member
 
Registered: Dec 2011
Posts: 401

Original Poster
Rep: Reputation: Disabled
Yes. Summary is:
Closing all these ports would not affect browsing, uploading/download
However, if one want access to router through browser then port 80 should be enabled.
So port 80 is one the most important here
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Unknown ports open on my home router samwise17 Linux - Wireless Networking 7 04-07-2008 06:44 PM
Testing open ports, behind a router sekelsenmat Linux - Networking 7 06-28-2005 09:50 AM
How to open ports on D-Link router TazG Linux - Hardware 6 07-20-2004 04:42 PM
Stealthing Open Router Ports ghight Linux - Security 8 02-19-2004 11:05 AM
open ports on a router? riddlebox80 Linux - Hardware 3 04-21-2003 09:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration