Forwarded port shows as "Stealth" in GRC Port checker

Hi,

I’m trying to open a port for some app in my Surf SOHO 3 (firmware 8.0.0).

  1. My Inbound Firewall Rule allows everything (Any).
  2. Port forwarding has TCP, correct port specified, WAN interface IP, Server IP is my PC’s static internal IP (as it appears in ipconfig), service is enabled.
  3. Windows Firewall allows the app’s executable through (also tried shutting it down to test).
  4. App is open and listening on that port (verified via Process Explorer).
  5. Tried changing the port, restarting the router, restarting the app
  6. Tried with and without Intrusion Detection.
  7. Tried various other online port checker tools, all show it as some form of closed/hidden/stealth

Thanks,
Ohad

Is it a standard port like 80, 443 or 4500? If it is, try using a non standard port like 3088 does that work? Sometimes ports can be in use by services on the SOHO itself so can’t be released for port forwarding till you disable the service (or move it to something else).

1 Like

Totally random, non standard, Something like 58142

To narrow down the problem, create an inbound firewall rule that allows the traffic but logs it to the event log. I do this as an audit trail on the ports that are forwarded on my Peplink devices.

And, I just tested with GRC Shields Up and my forwarded port on firmware 7.1.2 does show as OPEN.

2 Likes

You can also using Packet capture tools to check on this.

1 Like

Thank you for the suggestions.

@Michael234 - I created the following Firewall rule: Protocol=TCP, WAN=ANY, Source=ANY, Destination ANY (port X) (where X is the port I forwarded). I enabled Event Logging but after running GRC on the same port, couldn’t see anything in Status -> Event Log.

@sitloongs - I captured a PCAP file per those instructions for the GRC test, but filtering in WireShark for tcp.port == X (where X is the port I forwarded) yielded 0 results.

Thanks,
Ohad

I figured it out.

My modem is actually a router/modem combination that I switched to bridge/modem-only mode. Somehow that switch got reset and it got back to being a router, which blocked all the ports before it ever got to my Surf SOHO.

Re-activating bridge (modem) mode resolved the issue.

Thanks all!

2 Likes

For the packet capture, actually you can check the packet received at the WAN interface compare to the LAN interface.

If WAN interface is not receiving any packets, that mean the up link device actually causes the issue. You may need to check the up link device.

If WAN interface is received the packets, please check the packets sent from the LAN interface, LAN interface packets capture should show you the NATed packets.

Good to heard that you able to resolved the issue :grinning::grinning::grinning::grinning:

2 Likes