Forwarded port shows as "Stealth" in GRC Port checker

#1

Hi,

I’m trying to open a port for some app in my Surf SOHO 3 (firmware 8.0.0).

  1. My Inbound Firewall Rule allows everything (Any).
  2. Port forwarding has TCP, correct port specified, WAN interface IP, Server IP is my PC’s static internal IP (as it appears in ipconfig), service is enabled.
  3. Windows Firewall allows the app’s executable through (also tried shutting it down to test).
  4. App is open and listening on that port (verified via Process Explorer).
  5. Tried changing the port, restarting the router, restarting the app
  6. Tried with and without Intrusion Detection.
  7. Tried various other online port checker tools, all show it as some form of closed/hidden/stealth

Thanks,
Ohad

#2

Is it a standard port like 80, 443 or 4500? If it is, try using a non standard port like 3088 does that work? Sometimes ports can be in use by services on the SOHO itself so can’t be released for port forwarding till you disable the service (or move it to something else).

1 Like
#3

Totally random, non standard, Something like 58142

#4

To narrow down the problem, create an inbound firewall rule that allows the traffic but logs it to the event log. I do this as an audit trail on the ports that are forwarded on my Peplink devices.

And, I just tested with GRC Shields Up and my forwarded port on firmware 7.1.2 does show as OPEN.

2 Likes
#5

You can also using Packet capture tools to check on this.

1 Like
#6

Thank you for the suggestions.

@Michael234 - I created the following Firewall rule: Protocol=TCP, WAN=ANY, Source=ANY, Destination ANY (port X) (where X is the port I forwarded). I enabled Event Logging but after running GRC on the same port, couldn’t see anything in Status -> Event Log.

@sitloongs - I captured a PCAP file per those instructions for the GRC test, but filtering in WireShark for tcp.port == X (where X is the port I forwarded) yielded 0 results.

Thanks,
Ohad