eero Firewall - why some ports closed vs. stealth'd?
In doing a check of my eero's firewall and ports status, just to see if they were reported as being open, closed, or stealth (via www.grc.com , their reputable "Shields Up!" port check) I have 2 ports that show as 'Closed' rather than as 'Stealth' -- Ports 22 (ssh) and 80 (http).
I don't have any router firewall ports open via uPnP (it's disabled) nor do I have any ports forwarded in my static IP address reservations, so shouldn't my expectation be that I should see all 'Stealth' results?
I've double-checked my eero config and see no reason why port 22, at least, should respond to a ping from the outside world any differently than any other unused port like 21 (FTP), 23 (Telnet), etc...
Can eero tech please comment?
'Stealth' would be preferred, IMHO.
I'm not running in bridge mode.
While there is VPN software that's been loaded and configured onto one of my PC's, it is not active or running (I don't load it up unless I need to specifically have a VPN session for something that the VPN provides).
So I'm not sure what to do next, is there something you can check on your side in the logs, what might be using firewall port 22, for example?Reply
I've been investigating this issue on my end and I don't see a reason for it to have these ports as anything but stealth.
I've *uninstalled* the VPN software from the one PC that had it on it (even though it was installed it wasn't running or active in the background) just in case it would be opening port 22 fofr some reason.
I've also triple-checked my eero setup that I have no port forwarding configured (at all).
I've installed and have been running Wireshark to report any tcp packets flying around my network related to port 22, and in 3 days since I've rebooted the eero and been running Wireshark, ZERO packets related to tcp port 22 have surfaced. Yet the router still shows (at least) port 22 open.
IMHO this seems to be an issue with the eero software since I believe I have eliminated any possibility of errant port 22 on my own network.Reply