12
3
Is there a way to tell the difference between my ISP blocking traffic on certain ports and my NAT router/firewall blocking that traffic? The sites “Shields Up” and “Can you see me” show my ports closed or not accessible, but I assume that is primarily due to the NAT router. (Obviously, I could just remove the router, connect directly and use those sites, but is there a simple way to test without doing that?)
Will M
Posted 2009-07-22T16:14:44.403
Reputation: 868
7
You can set your computer as the DMZ in the router configuration, which means that NAT essentially passes everything to you.
Joey
Posted 2009-07-22T16:14:44.403
Reputation: 36 381
10
This will take a lot of time but will get you the list of all blocked ports:
#!/bin/bash
COUNTER=1
while [ $COUNTER -lt 65535 ]; do
echo $COUNTER
curl portquiz.net:$COUNTER --connect-timeout 1
let COUNTER=COUNTER+1
done
ayushgp
Posted 2009-07-22T16:14:44.403
Reputation: 203
6
Firebind.com is able to tell you whether any of the 65535 UDP or TCP ports are being blocked between your client machine and the Internet. They have a Java Applet client that sends packets back and forth from your machine to their server over the port(s) of your choosing, and if the packets transfer successfully, you know the port isn't blocked by any intervening firewall (such as your own home router or your ISPs firewall.)
So in your case you could first run tests from behind your router and get a list of all blocked ports. Then you could connect your machine directly to the Internet (bypassing the firewall) and run the tests again. By comparing the results you'd be able to figure out the difference between what your home router blocks and what your ISP blocks.
It's important to note that Firebind is NOT a port scanner. It's a "PATH" scanner.
Firebinder
Posted 2009-07-22T16:14:44.403
Reputation: 61
3
You could set your router/firewall to do logging and see what it is blocking specifically.
JP Alioto
Posted 2009-07-22T16:14:44.403
Reputation: 6 278
Ah - turn on logging, run the Shields up port scan, and any port NOT logged is blocked somewhere else. Great idea. – Will M – 2009-07-22T16:19:14.147
But you wouldn't want to up-vote this question, would you? – innaM – 2009-07-22T16:37:46.570
Clever, but no - router (mine, anyway) logs a possible port scan and doesn't keep all the details, so I'm still looking for ideas. – Will M – 2009-07-23T03:20:33.820
1Bash has
for ((counter=1; counter <= 65535; ++counter)); doand also notice the lowercase variable (uppercase is reserved for system variables). – tripleee – 2018-04-11T11:52:46.277