Connecting to testnets: ports, IGDs, etc

I’m getting confused again. Do the sites
https://www.grc.com/x/ne.dll?bh0bkyd2
and

give you different results for your ports 12000 and 15000?

And what does nmap say about the same ports?

1 Like

Both sites give me similar results for 12000 and 15000.

I only had 15000 open cos it was convenient when working with @folahts podman scripts.

nmap results ASAP

1 Like

So this was the result with Windows firewall on. When I turned it off, I got the result “closed”, even though I have set it open. Go figure…

1 Like

“Stealth” is the preferred response for a good firewall unless you actually want incoming connections.

2 Likes

Good to know. But why, with firewall down, the port that I have manually set open, is shown closed?

A guy at my ISP explained to me that my manual port forwarding should work, but for some clever security trick hides the port (state shown as “closed” or something else) even though it is open. He said it is actually open only when some application on my computer is actively using it… or something like that… Does this sound familiar to any of you?

2 Likes

Everybody knows about The Great Firewall of China, but could there be a Lesser Firewall of Finland that we are not aware of? I’m being half serious here.

2 Likes

Ok, my results so far:

Manual port forwarding turned ON and IGD ON
With firewall on, or computer turned off: stealth
Firewall off: closed.

Manual port forwarding turned OFF and IGD ON
Stealth, no matter firewall on or off.

Manual port forwarding turned ON and IGD OFF
With firewall on, or computer turned off: stealth
Firewall off: closed.

…so opening the port does change something. I have not yet tried Comnet with manual port forwarding, I think there is a chance. If there is Comnet tomorrow, I may not be up that late, but if it continues until Saturday, I should be able to try to join.

1 Like

I don’t understand. How do you test this?

1 Like

With another computer, or phone. All my devices share the same public IP.

Oh. And the firewall is on your router, not on a computer. If so, I think I understand.

I’m out of my league here, but I don’t think saying the above is correct. Rather your LAN devices have no public IP at all. Only your router does. Am I right?

EDIT: I’m probably full of shit. Sorry about my uninformed posts.

1 Like

No no, on my Windows computer only.

I don’t understand any of this, but if I use the site: GRC | ShieldsUP! — Internet Vulnerability Profiling with my public IP on my phone (that is online via same LAN with computers), the results vary the way I presented above depending how I switch my computers on/off, or the firewall on/off.

So, if I have set port forwarding ON, the result changes if my computer(s) is on or off, or if the firewall is on or off. Thus something is coming from the internet and reaching my computer, even though the port is said to be closed. I have one port forwarded for my Win and another for my Linux, which both have static local IPs.

But now I’m going to sleep. I’ll reply tomorrow, if questions arise. Oh, just saw your edit, but too tired to make this post include that.

Then I don’t understand how messing with a firewall or switching on/off one computer on your LAN could affect the behavior of other computers even if they are on the same LAN.

Sleep well.

1 Like

No but that checking site knows automatically my public IP. Then I ask it to probe ports 12000 and 12001. One is forwarded to my Linux machine and another to my Windows machine. Both of them have static local IPs.

Now it doesn’t matter who and where checks those ports on that (my) public IP.

When I say I use my phone that is connected to same LAN, I am just saying that the checking site automatically has the right public IP, as I connected to it from my phone via my router and thus using the same public IP as all the devices in my LAN.

1 Like

You are learning the hard way that you need to make sure that the firewall on the local machine allows connections. It is not enough to just setup a port forward on the router.

5 Likes

I kind of knew that, but didn’t care because my Ubuntu machine does not have firewall at all. I have only used that machine for Comnets.

What I didn’t know is that it isn’t enough to have the forwarding rules right on the router for these checking sites to check if it is open or not. I thought that the port would be “open” no matter what is or is not behind it. But it seems that there has to be a machine behind the port for the outside world to see if the port is open or not?

Quite different from the pastoral image of fields, cows and gates I had in my mind. More like a zen koan: If there is a port, but nobody goes through it, is it really open?

But it remains to be seen if it really works in the end or not. I’m slightly hopeful.

2 Likes

Port is open when application is ready to accept connections on it and when no one prevents it from doing this.
Without application listening on your port it can’t be open.
(That is related to TCP, while SN uses UDP, so there will be differences)

5 Likes

In a couple of the testnets last year I used proxychains when starting up the network and I configured proxychains to use Tor (running on my system). Hypothetically it was pushing all connections through Tor. It was working fine in terms of what the network log was telling me, but I don’t know if the network was bypassing proxychains somehow.

2 Likes

Sigh… so is there a tool, a small application, that you could just set to listen to any port you choose? And then you could check that with a checking site?

Nevermind, I found it myself! Yippeeeeee!!! :beers: :beers: :beers: :beers:

@Sascha on your linux machine type:

nc -l 12000

… that is if you open the port number 12000. Now your machine is actively listening on that port. And now the test sites showed my port OPEN! Gosh how happy I am! This is with the same DNA Sagemcom router you have!

OMG, I have given sound technical advice on computers!!! :rofl: :rofl: :rofl:

16 Likes

Well done @Toivo, this is how to learn technical stuff - not just the stuff itself but how to learn, and how to solve problems. :clap:

I still remember when I first started to do this and in time it opened the floodgates to my technical learning and what I was able to achieve with that. It’s very valuable. Some seem to have this effortlessly, others have to struggle to stumble on it, and many never get near, which is a shame because so much becomes accessible and understandable when you can learn to learn, and see problems as opportunities.

6 Likes

Correct, all your router is doing is forwarding the packets onto the machine the port is for. It is up to the machine to respond or not. So it’s then up to an app/OS on the machine to respond depending on which is listening on the port.

The router is not doing the responding.

4 Likes
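Added example, not part of any post in this thread and not project code: a small TCP check that reproduces the three answers the checking sites gave above ("open" with a listener such as `nc -l 12000`, "closed" when the machine answers but nothing listens, "stealth" when a firewall silently drops the probe). The names `classify_tcp_port` and `demo` are illustrative, loopback stands in for the forwarded machine, and it covers TCP only, so a UDP service needs a different test.

```python
import socket

def classify_tcp_port(host, port, timeout=2.0):
    """Classify a TCP port the way the port-checking sites report it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        # Loopback edge case: with no listener the kernel can pick the
        # target port as the source port and the socket connects to itself.
        if s.getsockname() == s.getpeername():
            return "closed"
        return "open"          # an application accepted the connection
    except ConnectionRefusedError:
        return "closed"        # the OS answered with a reset: nothing is listening
    except socket.timeout:
        return "stealth"       # no answer at all: the packet was dropped
    except OSError:
        return "unreachable"   # e.g. no route to the host
    finally:
        s.close()

def demo():
    """Constructed local demo: same port, first with a listener, then without."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    with_listener = classify_tcp_port("127.0.0.1", port)
    listener.close()                      # the application stops listening
    without_listener = classify_tcp_port("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    print(demo())
```

Run from a machine outside the LAN against the public IP and forwarded port, the same function shows whether the router forward, the host firewall and the listener are all in place.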