Open Ports CISCO 1941W Router

jlifschitz
Level 1

Hi,

I need some help to open specific ports on a 1941w Integrated Services Router.

This specific router is a wireless VPN router that has a wired module and a wireless module and VPN so I'm getting 3 subnets on my network - 192.168.1.. for the wired connections, 10.100.1.... for wireless LAN connections and 10.100.2... for VPN remote connections.

I know that by default all connected computers can access my Linux server data through telnet so the telnet port is open by default, the problem is that I have some other software licensing system on my Linux box that needs to be accessed through port 27000 and most of my users are using wireless connections and can't access that license because port 27000 is closed.

Could anybody on this forum let me know what is the command to open this port or any other port that I need to be open on the wired module, wireless module and VPN or at least point me to somewhere where I can find all the commands that I can use for this router?

Appreciate any pointers,

Joseph

6 Replies

kcnajaf
Level 7

Hi Joseph,

Could you please share the router config with sensitive information removed and let us know the source and destination address from which you want to allow this port?

Regards

Najaf

Hi Najaf,

Please find attached running config file (removed sensitive information).

As you might see from this file I have 3 IP address ranges on my network, 192.168.1.11 - 192.168.1.254 (wired connections), 10.100.1. for wireless connections behind the router (local) and 10.100.2. for remote users logging in through the router's VPN.

I managed to remove the DHCP for the wired connections from the router and all wired connections (user, printers, devices) are getting their IP Address from the Small Business Server 2011 DHCP, but wasn't able to do the same for the wireless connections and for the VPN connections so every time a wireless/remote computer gets on the network their IP will be different.

Right now all connections on my network are able to connect through Telnet connections to the Linux server (192.168.1.11) regardless if they're connected wirelessly, wired or remote which I think means that port 23 is open by default.

What I need right now is for any computer connected to my network to be able to access the Linux server files/licenses directly by IP Address or computer name through the following ports:

2002, 2007, 2000, 2005, 2008, 2100, 2001, 11057, 2004, 2006, 2003, 2103, 8888 & 8443

These ports are necessary to be open so users can connect to the Linux box so I guess answering your question this will be incoming connections.

Is there a command to open a specific port?

Thanks,

Joseph

Hi Joseph,

Does the configuration include the router configuration? I can see only AP config here :-(

Sorry to say that from your attached document I do not see any reference to the 192.168.1.x and 10.100.2.x networks.

Coming back to your original question about accessing the Linux server through various ports, I don't think you have to make any configuration changes on your device, at least as per the existing configuration which you have shared. All you need to ensure is that your Linux box is listening on the above ports (like 2002, 2007, 2000 etc...) by enabling specific services on the Linux box. The reason you are able to telnet to the Linux box is due to the fact that the telnet service is enabled on your Linux box and hence it is responding to your telnet request on port 23. Likewise you need to ensure that other services are enabled on the Linux box for you to access this from other machines and you don't need to specifically allow anything on the router.

Hope that helps

Regards

Najaf

Hi Najaf,

Maybe I removed too many lines from the report or didn't use the correct command, sorry about that, here is a screenshot attached with some of the telnet users currently logged in, as you may see depending on their location/connection they get assigned different IP range (yellow highlighted is wired connection inside the office, green is wireless connection inside the office and the red one is myself connected remotely through Cisco VPN Client).

Thanks for the Linux suggestion, I'll definitely check that option tomorrow, although I checked yesterday with a port scanner for specific ports on the router and they were all closed.

Thanks,

Joseph

Hi Joseph,

No problem...

The problem with the port scanner is that it will let you know if any device is listening on any specified port. In your case the Linux server is supposed to listen on those ports and the way I understood is you have not set this up on the Linux server yet. The router will just pass the traffic coming on those ports and will not respond to your port scanner as the router is not listening on those ports, rather it is supposed to pass the traffic through them if any request comes to it. For example if you enable ssh access to the router then the router will listen on port 22 and you will be able to see this on the port scanner. But if the ports are enabled on the servers and if you query with the port scanner on the router that will show up as closed only.

Hope that helps.

Regards

Najaf

Hi Najaf,

It took me a couple of days to follow up on your suggestion and I have to admit, you are right, the Linux box's firewall was the culprit as some ports were listening/accepting by default while others were not.

I added the extra ports to the iptables, restarted and now I can connect regardless of my connection or location.

Thanks again,

Joseph
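The server-side check behind the fix in the last reply, as an added example that is not part of the thread: it reads `iptables -S INPUT` output and reports which of the ports named above would not be accepted for a new inbound TCP connection, using first-match order. The ruleset is a constructed sample (the thread never shows the real one), the helper names are hypothetical, and the model covers only `-p`, `--dport`/`--dports`, `--state`/`--ctstate` and `-i lo`.

```python
# Constructed sample of `iptables -S INPUT` output; the thread does not show the real rules.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 2000:2008,8443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 27000 -j ACCEPT
"""
# Ports named in the thread: telnet, the license port, and the list Joseph posted.
REQUIRED = [23, 27000, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
            2100, 2103, 8443, 8888, 11057]

def opt(tok, *names):
    """Value following the first of `names` present in a tokenised rule, else None."""
    for name in names:
        if name in tok:
            return tok[tok.index(name) + 1]
    return None

def port_matches(spec, port):
    """True if `port` falls in a spec such as '23' or '2000:2008,8443'."""
    ranges = (part.partition(":") for part in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def verdict(rules_text, port):
    """First-match result for a NEW inbound TCP connection to `port` (not via loopback)."""
    policy = "ACCEPT"
    for tok in (line.split() for line in rules_text.splitlines()):
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        state, dports = opt(tok, "--state", "--ctstate"), opt(tok, "--dport", "--dports")
        applies = (opt(tok, "-i") != "lo"
                   and opt(tok, "-p") in (None, "tcp", "all")
                   and (not state or "NEW" in state.split(","))
                   and (not dports or port_matches(dports, port)))
        if applies and opt(tok, "-j") in ("ACCEPT", "DROP", "REJECT"):
            return opt(tok, "-j")  # terminating target: later rules are never reached
    return policy  # nothing matched, so the chain policy decides

def blocked_ports(rules_text, ports=REQUIRED):
    return sorted(p for p in ports if verdict(rules_text, p) != "ACCEPT")

if __name__ == "__main__":
    print(blocked_ports(SAMPLE_RULES))
```

In the sample, the port 27000 rule sits after the catch-all REJECT, so it is reported as blocked even though an ACCEPT rule for it exists; a rule added for a new port has to be placed before that line.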
