New Member
Posts: 16
Registered: ‎10-12-2011
Accepted Solution

USG Firewall Issue - USG ports open, custom ports closed...

The USG is working quite well in most regards, but I am having an issue with port forwarding. I have added the port forwarding rules and they look to be correct. The main issue is that when I scan the ports on the WAN IP I get all of the USG ports showing up, such as 22, 53, 80, 443 and 843. It also looks like I have access to the USG from outside the network by using the WAN IP. I have looked all throughout the software to find a location to disable these USG ports, but am unable to find a place to do so. So, the issue is that the ports I am trying to open are not opening and the ports I want to close will not close.

 

What am I missing?

How do I fix?


Accepted Solutions
Ubiquiti Employee
Posts: 6,592
Registered: ‎01-28-2013
Kudos: 6677
Solutions: 565
Contributions: 20

Re: USG Firewall Issue - USG ports open, custom ports closed...

smartwirehomes wrote:

I currently have the same problem with port forwarding and really need to have this sorted. 

 

some help please.....


This was fixed in 4.6.3. The current release as of this time is 4.6.6, see HERE.

 

Cheers,

Mike


All Replies
Senior Member
Posts: 3,726
Registered: ‎09-26-2013
Kudos: 926
Solutions: 263

Re: USG Firewall Issue - USG ports open, custom ports closed...

Are you connected to a different network when you try the scan, or the same network and just trying to scan the external address?

New Member
Posts: 16
Registered: ‎10-12-2011

Re: USG Firewall Issue - USG ports open, custom ports closed...

Yes I was. When I tried from outside the network, port 80 appears open, but the other two ports that I have open do not show to be open. When I try and access any device from outside the network the page just hangs and does not load. 

Senior Member
Posts: 3,726
Registered: ‎09-26-2013
Kudos: 926
Solutions: 263

Re: USG Firewall Issue - USG ports open, custom ports closed...

How is your USG connected to the internet?  Do you have a PPPoE modem on the WAN port? 

 

I've just tried scanning my IP with ShieldsUp! from grc.com, only port 80 and port 443 are open (both of which I've opened in the firewall on the USG) in the first 1024 ports.  The USG responds to pings on the WAN port, which I'd rather it didn't.

 

Cheers,

Andrew

New Member
Posts: 16
Registered: ‎10-12-2011

Re: USG Firewall Issue - USG ports open, custom ports closed...

 

 

My problem is that I have two devices behind the USG with open ports. One is using ports 80 & 9000 and the other is using port 8800. The USG is connected to Verizon FiOS directly to the NIB and is getting a WAN IP via DHCP. The USG responds to a ping on any ports, but neither of the devices is accessible from outside the network. My port scan tool shows that only port 80 is open, but I do not get a webpage when I try to access it. I am sooooooo confused. It feels like it's my first time doing networking, hah.
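Added example, not part of any post in this thread: a check to run from a host outside the LAN that compares what answers on the WAN IP with what is meant to be exposed, using the port numbers quoted above. Because port 80 is both a USG service and a forward, it also reads the HTTP `Server` header to show which device answered; the function names and the placeholder WAN IP are assumptions made for this example.

```python
import http.client
import socket

# Ports named in the thread. 80 is in both sets, which is why "open" alone
# cannot say whether the USG or the forwarded device is answering.
USG_LOCAL_PORTS = {22, 53, 80, 443, 843}   # gateway's own services
EXPECTED_FORWARDS = {80, 9000, 8800}       # poster's port forwards

def probe(host, port, timeout=2.0):
    """TCP connect check: 'open', 'closed' (refused) or 'filtered' (no reply)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable, etc.
        return "filtered"
    finally:
        s.close()

def http_identity(host, port, timeout=2.0):
    """Return (status, Server header) so the answering device can be told apart."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Server")
    except (OSError, http.client.HTTPException):
        return None, None
    finally:
        conn.close()

def audit(host, forwards, gateway_ports, timeout=2.0):
    """List ports whose observed state contradicts the intended exposure."""
    findings = []
    for port in sorted(set(forwards) | set(gateway_ports)):
        state = probe(host, port, timeout)
        if port in forwards and state != "open":
            findings.append((port, state, "forward not reachable"))
        elif port not in forwards and state == "open":
            findings.append((port, state, "gateway service exposed on WAN"))
    return findings

if __name__ == "__main__":
    WAN_IP = "203.0.113.10"  # placeholder (documentation range); use your own WAN IP
    for finding in audit(WAN_IP, EXPECTED_FORWARDS, USG_LOCAL_PORTS):
        print(finding)
    print("port 80 answered by:", http_identity(WAN_IP, 80))
```

A "filtered" result on a forward means the connection attempt got no reply at all, while "closed" means something actively refused it, which helps separate a dropped packet from a forward that reaches a device with nothing listening.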

Senior Member
Posts: 3,726
Registered: ‎09-26-2013
Kudos: 926
Solutions: 263

Re: USG Firewall Issue - USG ports open, custom ports closed...

Can you post the port forwarding settings that you've made in the controller?

SuperUser
Posts: 17,429
Registered: ‎09-17-2013
Kudos: 4347
Solutions: 1229

Re: USG Firewall Issue - USG ports open, custom ports closed...

@andyc - just add a firewall rule in WAN_LOCAL to drop ICMP packets. No more responding to ping.

Senior Member
Posts: 3,726
Registered: ‎09-26-2013
Kudos: 926
Solutions: 263

Re: USG Firewall Issue - USG ports open, custom ports closed...

Thanks - good idea.  It would be good to see the option in the web GUI too.

 

Cheers,
Andrew

SuperUser
Posts: 17,429
Registered: ‎09-17-2013
Kudos: 4347
Solutions: 1229

Re: USG Firewall Issue - USG ports open, custom ports closed...

Adding firewall rules isn't part of the USG Web UI?

 

Or do you mean "checkbox option, like with Linksys/D-Link/etc. routers"?

 

Senior Member
Posts: 3,726
Registered: ‎09-26-2013
Kudos: 926
Solutions: 263

Re: USG Firewall Issue - USG ports open, custom ports closed...

You can add port forwarding, but not general firewall rules.  It has the same CLI as the EdgeRouters, so you can add the rule to WAN_LOCAL via the CLI and dump the config into a file on the UniFi controller, but not in the web UI.

 

Cheers,
Andrew

SuperUser
Posts: 17,429
Registered: ‎09-17-2013
Kudos: 4347
Solutions: 1229

Re: USG Firewall Issue - USG ports open, custom ports closed...


andyc wrote:

You can add port forwarding, but not general firewall rules.  It has the same CLI as the EdgeRouters, so you can add the rule to WAN_LOCAL via the CLI and dump the config into a file on the UniFi controller, but not in the web UI.

 

Cheers,
Andrew


ew, glad I got the ERL then :D

Senior Member
Posts: 3,726
Registered: ‎09-26-2013
Kudos: 926
Solutions: 263

Re: USG Firewall Issue - USG ports open, custom ports closed...

I think that the USG controller software is a bit of a "work in progress" - I think the official term is "Initial Release".  

 

The device is capable of much the same stuff as the ERL, but the web GUI doesn't yet expose much of the functionality. I imagine that it will never have the level of customisation in the UI that the CLI gives, but I imagine it will get more with subsequent releases.

 

Cheers,

Andrew

New Member
Posts: 16
Registered: ‎10-12-2011

Re: USG Firewall Issue - USG ports open, custom ports closed...

So do you think that a firewall is what is causing issues in this system? Do the firewall ports get opened automatically when port forwarding is done on the UniFi/USG like it is done on the ERL? I am trying to get a screenshot now through a TeamViewer connection.

New Member
Posts: 16
Registered: ‎10-12-2011

Re: USG Firewall Issue - USG ports open, custom ports closed...

Here is a screenshot of the port forwarding rules.

Screenshot 2014-11-29 12.13.43.png

Senior Member
Posts: 3,726
Registered: ‎09-26-2013
Kudos: 926
Solutions: 263

Re: USG Firewall Issue - USG ports open, custom ports closed...

The port forwarding rule does both so that bit is okay.  Just to make sure, you can access these devices when connected locally to the network right?

 

If you can, the next thing to do would be to change the port forwarding for the port 80 one to something else (e.g. use port 90 and forward it to port 80 internally), just in case your ISP stops port 80 from being used, to stop you from running your own webserver.

 

Cheers,
Andrew

New Member
Posts: 16
Registered: ‎10-12-2011

Re: USG Firewall Issue - USG ports open, custom ports closed...

I can access both of these devices while on the network. If port 80 was blocked, then I would still be able to access the irrigation controller on port 8800. What else should I try?

Senior Member
Posts: 3,726
Registered: ‎09-26-2013
Kudos: 926
Solutions: 263

Re: USG Firewall Issue - USG ports open, custom ports closed...

Were these devices accessible over the internet prior to putting the USG in (i.e. with your previous cable router)?

 

New Member
Posts: 16
Registered: ‎10-12-2011

Re: USG Firewall Issue - USG ports open, custom ports closed...

Yes.

Senior Member
Posts: 3,726
Registered: ‎09-26-2013
Kudos: 926
Solutions: 263

Re: USG Firewall Issue - USG ports open, custom ports closed...

Not sure what to suggest in that case - I have port forwards on my USG and they work as expected.

 

What is the firmware version of the USG?  You can see it on the devices page of the controller. Is it 4.2.2.4717456?

 

Cheers,
Andrew

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

Just to chime in.  I have created port forwarding rules for some IP cameras on my USG and the first 3 work perfectly, but everything after that won't work.  I have deleted and re-done them all.  Everything was working with my previous set up and the router is the only change.
