cancel
Showing results for 
Search instead for 
Did you mean: 

CNG3ACSMR - DMZ Transparency, or lack of it.

zardoz99
I Plan to Stick Around

Does anyone has a definitive list of exactly what the DMZ mode will pass and what is silently intercepted by the CNG3ACSMR?

 

I set up a Linux system behind the modem and assigned it as the DMZ host. Then I ran a complete network sweep of the posts 1 to 1023 to it. Running tcpdump showed that some ports were getting through but there were a lot that seem to problematic, including the SSH port 22, which never arrived. This is the list that I have doscovered that seem to not work in DMZ mode.

 

PORT    STATE    SERVICE

22/tcp  filtered ssh
23/tcp  filtered telnet
80/tcp  filtered http
111/tcp filtered rpcbind
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp filtered https
445/tcp filtered microsoft-ds
513/tcp filtered login
520/tcp filtered unknown

The CNG3ACSMR built in help for the DMZ mode however states the following.

 

"

 

3 REPLIES 3

Re: CNG3ACSMR - DMZ Transparency, or lack of it.

RogersAsif
Retired Moderator
Retired Moderator

Hello @zardoz99

 

Thank you for the post, I will see if I can gather any additional details for you.

 

Maybe one of our Resident Experts or Community members can provide some information on this topic.

 

RogersAsif

Re: CNG3ACSMR - DMZ Transparency, or lack of it.

Thats an engineering type question, probably one for the product manager to look up.  The question is, as you indicated, are the ports prevented from use further upstream, or is this an actual modem issue?



Re: CNG3ACSMR - DMZ Transparency, or lack of it.

zardoz99
I Plan to Stick Around

I have done some further extensive testing, with the router still in gateway mode but with all port forwarding disabled and the firewall completely turned off, by using the firewall "custom" setting. I have managed to reduce the number of ports over which I appear to have absolutely no control to these.

 

 

PORT    STATE    SERVICE

22/tcp  filtered ssh
23/tcp  filtered telnet
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn

 The lack of SSH is the real killer... The rest I couldn't really care less about. I strongly suspect that SSH is blocked in the modem and wonder if that block can be removed on a case by case basis?

Topic Stats
  • 3 replies
  • 1714 views
  • 1 Like
  • 3 in conversation