0

Removing Port Forward doesn't disable forwarding

I have long had port forwarding enabled (and working well) for a Synology disk station, forwarding ports 80/443 (to support automatic Let's Encrypt certificate updates) and 5001, the default Synology web app port. After getting a flurry of invalid login attempts, I deleted all port forwards for the disk station. But the invalid login attempts continued, meaning the Eero Pro is still implementing those now-deleted forwarding rules. This has continued for more than an hour after I deleted the port forwards.

How long should port forwarding rules continue to be in place *after they have been deleted* via the Eero app? I'd say no new connections should pass through the Eero as soon as I delete the port forward. Do I need to reboot my Eero device to truly eliminate those forwarding rules? (That seems a bit heavy-handed)

My Eero pro is running v6.10.3-151. I'm testing the "openness" of the ports using grc.com's shields-up tool, plus I see new invalid login attempts from external addresses in the Synology logs an hour after I deleted the Eero port forwarding rules.

Can someone please comment with some authority on why the Eero is not honoring deletion of port forwards?

thanks

2 replies

    • ScottyR
    • 1 yr ago
    • Reported - view

    As suspected, Eero appears to truly remove a port forwarding rule only after a reboot. At least that has been my experience. Suggest you keep that in mind when you remove an existing port forwarding rule: Assume the port forwarding rule rem

    Eero - I don't see that documented anywhere. I'm a little incredulous that you would actually have a mature network security product with that behavior.

    regards

    • brettface
    • 1 yr ago
    • Reported - view

    Sometimes it's immediate.  Sometimes it requires a reboot to kick in.  You can never really know for sure with Eero unless you run a port scan after opening/closing ports.

    This behavior allowed a family member of mine to get infected with ransomware last month, btw.  Someone brute-forced their way into Windows Remote Desktop on port 3389 when the Eero app showed the port as closed.  It wasn't actually closed.

    The lesson learned is don't trust the Eero app - use external testing tools when closing ports.

Content aside

  • 1 yr agoLast active
  • 2Replies
  • 136Views
  • 2 Following