[SOLVED] port forwarded a port then removed the rule but the port is still open

[tziogasjohn50]

My router is zyxel AMG1302-T11C. I wanted to test a server on port 5555 so I went to my router's admin panel and added a new rule for port 5555. After I was done, I deleted the rule but I ran a nmap scan just in case and I see that port 5555 is open on my router. Is this dangerous? How can I close it?

 

[Deleted member 14196]

Just a guess but maybe you have to restart the router

 

[tziogasjohn50]

Just a guess but maybe you have to restart the router

I already did that

 

[Deleted member 14196]

Have you tried resetting router to default settings

 

[tziogasjohn50]

Have you tried resetting router to default settings

that didn't work either

 

[Deleted member 14196]

maybe the network gurus can help. if a hard default reset and power down don't do the trick them maybe that unit is faulty

 

[tziogasjohn50]

maybe the network gurus can help. if a hard default reset and power down don't do the trick them maybe that unit is faulty

If you mean iptables -F and iptables -X that also didn't work

 

[Ralston18]

From where are you running the nmap scan?

Open Powershell (as Admin) and run the following cmdlet:

Get-NetTCPConnection

Does Port 5555 appear in the results? State?

 

[tziogasjohn50]

From where are you running the nmap scan?

Open Powershell (as Admin) and run the following cmdlet:

Get-NetTCPConnection

Does Port 5555 appear in the results? State?

I'm running nmap from a linux vm with bridged adapter and port 5555 doesn't appear anywhere in the results.

 

[Ralston18]

Just to clarify:

Powershell results are not listing Port 5555 - correct?

And the Linux vm results are showing that Port 5555 is open on the server - correct?

Going out of my comfort zone now so I will need to defer to others who can offer additional insight.

 

[kanewolf]

My router is zyxel AMG1302-T11C. I wanted to test a server on port 5555 so I went to my router's admin panel and added a new rule for port 5555. After I was done, I deleted the rule but I ran a nmap scan just in case and I see that port 5555 is open on my router. Is this dangerous? How can I close it?

For the port to show "OPEN" you would have to run the port scan from a location on the WAN side of the router, have the port forwarded, AND have something listening on that port. If any of those is not true, then the port is not open. A factory reset of the router will remove any port forward rules. You should ensure that UPNP is disabled on the router to ensure there are no "automatically" opened forwards.

 

[tziogasjohn50]

For the port to show "OPEN" you would have to run the port scan from a location on the WAN side of the router, have the port forwarded, AND have something listening on that port. If any of those is not true, then the port is not open. A factory reset of the router will remove any port forward rules. You should ensure that UPNP is disabled on the router to ensure there are no "automatically" opened forwards.

I disabled upnp and still nothing... Could it be possible that port 5555 is always open by default and I shouldn't care about it?

 

[kanewolf]

I disabled upnp and still nothing... Could it be possible that port 5555 is always open by default and I shouldn't care about it?

Are you doing the port scan from the WAN side of the router?

 

[tziogasjohn50]

Are you doing the port scan from the WAN side of the router?

yes

 

[kanewolf]

yes

Then I don't have a reccomendation. If a factory reset of the router didn't remove the port forward, I don't have a nsxt step recommendation.