Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[MossyRock]

I have a D-Link DIR-655 router:
HW version B1
FW version 2.01NA
Region is Seattle, WA
Factory Reset has not been performed - would need a clear indication that the problem is in the DIR-655
ISP service is Cable
Modem is ISP-supplied Aria unit

I use regularly use Shields Up! at Gibson Research (www.grc.com) to probe my systems to determine port statuses (stealth, closed or open) to help keep my systems secure.

Something happened recently that I am at a loss to explain.  I added a port forwarding rule to the router to forward port 6789 (not the actual port number - this is just an example) to port 6789 on certain computer on the network.  After adding the rule, I probed a sampling of ports (non-6789) and they all reported as stealth (which is correct).  I then probed port 6789.  Ok, it came back open, which was expected.  Then, I probed several other random ports, and they were now open, which was unexpected.  I then probed all lower ports (below 1025) and ports surrounding 6789, and nearly all were open!  Something is very wrong.

I turned off the port forwarding rule and the ports reported stealth, meaning all was normal again.

I tried other ports and other machines, and even ran the port scans from other machines, and the result was the same - open ports!

What in the world would cause something like this?  It's like a probe to a forwarded port broke the router's firewall, and all traffic was being passed.

Do you think that the router's firmware has become corrupted, or have I made some sort of mistake?

I've changed no other router settings that I can see would result in this behavior.  I'm experienced with routers and port forwarding and have never experienced anything like this.

I've had two DIR-655 units get bricked in the past while attempting firmware upgrades, so unless there a clear reason to do so, this would be a last resort.  I would need to have a new router on hand before attempting.

Any thoughts would be appreciated.

Thanks.

[FurryNutz]

Link>Welcome!

• What region are you located?
• Are you wired or wireless connected to the router?
• Has a Factory Reset been performed?

Internet Service Provider and Modem Configurations

• What ISP Service do you have? Cable or DSL?
• What ISP Modem Mfr. and model # do you have?

Possible there maybe some testing with GRC in regards to testing accuracy. Can you test with others sites to be sure?

Also your FW version is out of date and may need to be updated...

[MossyRock]

Hi Furry,

Thank you for your response.  Sorry for the lapse of information.  I updated my original post to add most of the needed information.

Additionally:

1) The connection is wired
2) I don't have the model number of the Aria modem - I'm working remotely currently.

I confirmed GRC's results with another port checker.

I've had two other DIR-655 routers in the past get bricked doing firmware upgrades (I've deployed several DIR-655 routers over the years) so I'll do that only as a last resort and only when I have a replacement router in hand, configured, and ready to install - the business can't tolerate an outage.

What I'm trying to determine is if this behavior has been caused by me in any way - like a router malconfiguration or setting conflict, or if router firmware corruption or a bug is suspect.

Thanks.

[FurryNutz]

Has a factory reset been done then set up from scratch then tested?

Do you know if your ISP modem has a built in router or is it a stand alone modem?

We recommend always using this to do FW updates:
 FW Update Process

[MossyRock]

Thanks, Furry.

No, I haven't done a factory reset.  I'll have to go in after-hours and do the factory reset with another pre-configured router in-hand in case something fails.

The ISP's Arris Touchstone telephony modem does not have a router.

I've always followed the firmware upgrade procedures precisely.

So last question - are there any router settings or obvious configuration issues that I should check for first before I start resetting and/or flashing firmware?

[FurryNutz]

Check SPI and NAT Endpoint settings. Should be enabled and default NAT should be working.

If it has been working up to a certain point, could be an ISP issue or ISP modem issue.
We've seen various odd ball issues with Arris modems and we don't recommend using them if possible.
Arris Cable Modems and External Routers

At some point, do a factory reset after you save the routers config to file and test for ports. You may need to update if problem persists.

[MossyRock]

Thanks.

SPI is enabled.

Both UDP and TCP Endpoint Filtering is "Address Restricted". 

Should I change it to the most restrictive, "Port and Address Restricted"?

I'm trying to reach the ISP to verify absolutely that the modem doesn't have a router, but their all of their phone lines are down at the moment (their VoIP network has been having problems lately).  I pretty sure that it doesn't have a router as I've just read the manual on what looks to be the same one that they have, and the DIR-655's IP address shows a public IP address (24.xxx.xxx.xxx), not another router (such as 192.168.xxx.xxx or 10.xxx.xxx.xxx) ahead of it.

[FurryNutz]

Ok.

It's worth testing with Port Restrictive to test as you can always go back to the prior setting after.

Also if you can install a different 655 and test this particular one at home or at a different location to see if the problem follows or not. Also check to see if the different 655 does the same thing at this location. Might help you narrow down where the issue is before doing a FW update.

[MossyRock]

Changing the endpoint settings will most likely cause a router reboot and knock them (and me) offline.  It could cause other problems which I'll have to check for afterwards, so I'll have to go onsite to proceed.

I don't have another DIR-655, unfortunately, so if this doesn't work then I'll have to proceed by configuring and testing with another router.

I'll let you know what happens.

Thanks for your help - much appreciated.

[FurryNutz]

Sounds like a plan, keep us posted. 

[MossyRock]

Furry,

You rock!  

Changing it to "Port and Address Restricted" fixed the problem.  You saved me hours of work.

I'm still at a loss to explain why it was behaving the way it did before, but I guess that's not important now.

I now need to test if this setting prevents multiple simultaneous connections from different IP addresses.  I read and re-read the descriptions of this group of settings and it's not entirely clear to me how it will behave now.  If the connections are transient and not persistent from the remote apps connecting to this port then there should be no problem (BTW - this is being set up for multiple mobile devices in the field to connect to an application running behind the firewall).

Thanks again!

[FurryNutz]

Glad it working now.

I can only surmise that maybe interactions on the router and the ISP service, may have changed on some level that could cause this kind of issue. It would only be a service kind of thing I think.

Anyways, hope it works well for you. Come back if you need any more help.

Enjoy.