cancel
Showing results for 
Search instead for 
Did you mean: 

Plusnet Firewall issue

Dan_the_Van
Pro
Posts: 623
Thanks: 90
Fixes: 11
Registered: ‎25-06-2007

Re: Plusnet Firewall issue

other ports such as 50000 would be blocked too

The short answer is no they wouldn't

When a application establishes a remote connection it uses an random port between 49152 to 65535 to contact the port the application is listening to, for a web browser http is 80 and https is 443, example of my pc with https connection

TCP 192.168.1.106:58908        34.120.67.236:443      ESTABLISHED
So the link established between the two hosts is port 58908 on my LAN connection to port 443 at the remote end, this connection is maintained until the application closes it. So in the above example the INBOUND connection to my network is on port 58908. This is how TCP/IP works.

Where all this can go wrong is when Modem/Router like a Hub One is connected to a second router and double NAT comes to play, not the end of the world but adds a level of confusion. Second Router could have be added to improve wifi coverage, for this the second router should be setup as a Wireless Access Point.

TCP/IP is a multi layered subject.

Dan

 

 

 

 

 

 

kissinuk
Dabbler
Posts: 18
Thanks: 3
Registered: ‎06-04-2008

Re: Plusnet Firewall issue

But surely it would be the vpn client trying to connect to 50000 which would be blocked by PN? No outbound connection from my router to the client has been established at this stage.
james33
Dabbler
Posts: 11
Registered: 2 weeks ago

Re: Plusnet Firewall issue


GRC Port Authority Report created on UTC: 2021-11-24 at 11:37:48

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 
                            119, 135, 139, 143, 389, 443, 445, 
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

This is my current shieldsup results.  The current setting on plusnet account broadband firewall is "DISABLED".  Cannot change settings to any high low etc because of error message when trying to save settings.

If I initiate a new outgoing connection to BBC.  I am able to get BBC iPlayer without any problems because current setting allow ESTABLISHED and RELATED connections.

But NEW in coming connections are drop.

Previously when plusnet broadband firewall was working. Shieldsup would show https and http as open.

james33
Dabbler
Posts: 11
Registered: 2 weeks ago

Re: Plusnet Firewall issue

Would be grateful if you could test changing and saving your plusnet firewall settings. Mine just comes up with error message.

pjmarsh
Superuser
Superuser
Posts: 3,456
Thanks: 1,156
Fixes: 10
Registered: ‎06-04-2007

Re: Plusnet Firewall issue

Wouldn't they only show as open if there was something listening on those ports?  Do you have anything?  I don't know what router you are using (sorry if you've stated it higher up), but if it's the Hub One then I'm pretty sure it doesn't allow remote management so doesn't listen on those ports itself.  The only way they would be open with it is if you port forwarded them to something that was listening.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

james33
Dabbler
Posts: 11
Registered: 2 weeks ago

Re: Plusnet Firewall issue

On my plusnet hub one router port 80 is forwarded to ip address port 1953. Shieldsup still show port 80 as Stealth

Dan_the_Van
Pro
Posts: 623
Thanks: 90
Fixes: 11
Registered: ‎25-06-2007

Re: Plusnet Firewall issue

@james33 

If the Plus Net firewall is off then it can only be your modem/router firewall blocking the traffic unless it (Plus Net firewall) is not working as intended. My understanding is the Plus Net firewall does not negate the Modem/Router firewall settings.

As @pjmarsh said unless something is listening to the required port it will not show the port is open, as I previously stated. I don't think shields up tests UDP connections.

I would avoid using common ports for any connection unless absolutely necessary, like a web server.

@kissinuk 

Perhaps setting to HIGH does stop an inbound VPN connection on all port,  I can't say I've never tried it. What ever you may need to setup a port forward rule for any inbound connection to a VPN Server.

Not sure I can add anymore.

Dan.

 

 

james33
Dabbler
Posts: 11
Registered: 2 weeks ago

Re: Plusnet Firewall issue

Here is my plusnet hub one screenshot.

Dan_the_Van
Pro
Posts: 623
Thanks: 90
Fixes: 11
Registered: ‎25-06-2007

Re: Plusnet Firewall issue

For clarity

Plus Net Firewall = Broadband Firewall accessed via the members centre.

Modem/Router = Hub One or 3rd Party device.

@james33 

My Hub One firewall setting matches yours.

If I understand correctly

Broadband Firewall setting is OFF then it will be the Hub One firewall only blocking traffic.

LOW the Hub One Firewall still blocks traffic, but no longer needs to  block 53, 111, 135, 137, 138, 139, 445, 515, 1080, 1433, 3128, 3306, 6000 as these never reach your Hub One as they are already blocked by the Broadband Firewall.

HIGH not recommended setting for VPN services.  

Stepping back, are you trying to connect to a VPN Server using a VPN Client or connecting to a local VPN Server hosted on your home network from somewhere outside?

 

kissinuk
Dabbler
Posts: 18
Thanks: 3
Registered: ‎06-04-2008

Re: Plusnet Firewall issue

The problem is the PN firewall is broken - what it displays is not necessarily what is happening. Mine displays 'off' but it is actually set to 'high' .

james33
Dabbler
Posts: 11
Registered: 2 weeks ago

Re: Plusnet Firewall issue

I am trying to connect to a local VPN Server hosted on my home network from somewhere outside.  I had this setup for 3-4 years worked without any problems until I am unable to switch plusnet broadband firewall to block common ports except http and https.

 

james33
Dabbler
Posts: 11
Registered: 2 weeks ago

Re: Plusnet Firewall issue

Thanks. Perhaps we should ask Plusnet to solve this problem asap. I suppose we just have to wait.  They took one whole week to fix the webmail problem recently.

kissinuk
Dabbler
Posts: 18
Thanks: 3
Registered: ‎06-04-2008

Re: Plusnet Firewall issue

It's now 3 weeks since I first raised this with PN, still no updates and no working firewall. Not even a mention on the service status.

*Please* can you give as an idea of when this might be fixed.
adam945
Plusnet Help Team
Plusnet Help Team
Posts: 1,354
Thanks: 306
Fixes: 61
Registered: ‎01-12-2020

Re: Plusnet Firewall issue

Please accept our apologies for the inconvenience this has caused thus far. Our team are working on a fix but we did don't have any timescales for now.

 Adam
 Plusnet Help Team - Leeds
james33
Dabbler
Posts: 11
Registered: 2 weeks ago

Re: Plusnet Firewall issue

Thanks for reminding plusnet to sort the firewall issue.  I am still waiting to use my home vpn.  I noted past issues with plusnet firewall in 2018 highlighted on the forum.  Plusnet please get cracking!