
Airport Extreme and Port 53


jdcfsu
Veteran Member
 
Join Date: Jun 2006
Location: Florida
 
2007-02-08, 19:37

Ok, this is driving me nuts. I originally mentioned this problem in the Airport thread but am moving here for further explanation and in hopes someone knows what is going on.

The long and the short is that on my new Airport Extreme 802.11n model, all ports return a stealth status (after NAT-PMP filtering is enabled) except Port 53. Port 53, evidently, is the DNS port and returns an open status. In my limited knowledge of networking this is a no-no when you want to secure your network. For the life of me (and some people on the Apple Discussion Forums for that matter) I cannot figure out why this port is open, how to return it as stealth, or what to do next.

So far I have tried to forward port 53 to something so that it returns a stealth status but the Airport will not let me forward it because it is "in use by a service on the base station." I've tried to run through the logs to see what it is port 53 does but it doesn't make sense to me.
Quote:
Originally Posted by Log
Binding added for udp, xxx.xxx.xxx.31:5353 to 10.0.1.xxx:random_port for duration 3600.
There are about 25 entries like that. Directly connected to the Airport is a USB printer and one Windows box over ethernet. Connected wirelessly are two MacBooks, an iMac, and a Wii. The wireless is secured using WPA2.

If anyone has any insight as to why this is returning an open port, what it does, and how to fix it I'll gladly respond with words of gratitude.

90% of statistics can be made to say anything 50% of the time.
rob05au
Member
 
Join Date: May 2005
Location: Australia
2007-02-09, 16:28

Here is a little info that may help

TCP Port   Service or Protocol        RFC    Used By/Additional Info
53         Domain Name System (DNS)   1034   MacDNS

UDP Port   Service or Protocol Name   RFC    Used By/Additional Info
53         Domain Name System (DNS)   1034

This is what Apple uses it for at least.
jdcfsu
Veteran Member
 
Join Date: Jun 2006
Location: Florida
 
2007-02-09, 17:31

I'm sorry but that might as well be Greek... I don't know what any of that means.
Nando
 
 
2007-02-16, 07:14

(I now enjoy my posting privileges, so here's the reply I sent yesterday as a private message)

_________
I don't know what you're trying to do exactly, but I'll explain my case (and how I solved it)

0) I host my own DNS/mail/web domain in a linux box at home.

1) I replaced my ol' router with a brand-new, sleeker Airport Express Base Station 802.11n

2) As I did before in the router, I forwarded all incoming traffic to my linux box (NAT-PMP)

3) DNS (port 53) name resolution uses UDP requests.

4) The ABS GUI wouldn't let me forward port 53 udp(!!). However, NAT seems to work just fine for http(s) and mail. As a result, my entire domain is down.

Why did this happen? After much pain and woe, I found that the base station has a running, hidden and undocumented DNS caching/forwarding service, listening at port 53 udp. This service passes on all incoming DNS/UDP requests to the hosts specified in the configuration GUI. The problem was solved when I used my linux box internal IP as preferred (and only) DNS in the admin GUI.

This is far from being a coherent solution, so my domain got back to Network Solutions' own servers. Another technical workaround would involve enabling two separate DNS views (Bind 9 or higher). One for dns name resolution requests coming from the Internet, and another one for the LAN.

In other words: Apple thinks you're a lamer that only wants to surf the Internet and use .Mac (no offense intended, but please allow me to go mental for a while) - What about an "advanced config" option? What about a product that satisfies both geeks' and regular users' needs?

Well, hope this helps.
//Nando

Last edited by Nando : 2007-02-16 at 08:40.
jdcfsu
Veteran Member
 
Join Date: Jun 2006
Location: Florida
 
2007-02-16, 10:04

I'm a little confused as to exactly how you solved this problem. You used your internal IP for your machine as the IP for the AE?
Nando
 
 
2007-02-16, 10:43

I use my linux box IP (the one running DNS/mail/http, say 192.168.0.123) as the DNS IP address in the ABS. Nothing to do with the base station's internal IP, which is set to some default value (192.168.0.1 for my network) - Of course, my linux server doesn't use DHCP.

Last edited by Nando : 2007-02-16 at 10:56.
bjf123
 
 
2007-04-06, 15:59

I just started playing around more with the security settings on my Airport Extreme. Ports 53, 5009, and 65530 are open. Ports 139, 445, 548, 9100-9227, and 10000 show as stealth. Everything else shows as closed. While I'm not overly concerned over the differences between closed and stealth, I'm wondering why I have different results than the original poster. I've got NAT/PMP enabled.

Last edited by bjf123 : 2007-04-06 at 16:39.
jdcfsu
Veteran Member
 
Join Date: Jun 2006
Location: Florida
 
2007-04-09, 18:13

Airport Extreme firmware 7.1 was released today and Port 53 now returns as closed. Not stealth, but I'll take what I can get. For some reason Port 548 is now closed and not stealthed. At least it's basically secure now.

bjf123
 
 
2007-04-10, 21:10

Thanks for the heads up. Everything is now closed except for 5009 and 65534. I'm not sure if those can be exploited in any way.
  quote
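
The "open", "closed" and "stealth" results discussed in this thread can be reproduced for UDP port 53 with a short check, run from a host outside the network against your own WAN address. This is an added example, not code from any poster or from Apple; the function names `build_query` and `classify_udp_dns` are assumptions made for illustration.

```python
import socket
import struct

def build_query(name="example.com", qid=0x1234):
    """Build a minimal DNS query: one question, type A, class IN, RD set."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def classify_udp_dns(host, port=53, timeout=2.0, qid=0x1234):
    """Classify a UDP port the way the scanners quoted in the thread do.

    open    - something answered the query (e.g. a DNS forwarder)
    closed  - the host rejected it (ICMP port unreachable)
    stealth - no answer at all before the timeout
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket reports ICMP errors as exceptions.
        s.connect((host, port))
        try:
            s.send(build_query(qid=qid))
            data = s.recv(512)
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            # UDP is lossy: a dropped packet looks the same as a filtered
            # port, so repeat the probe before trusting this result.
            return "stealth"
    if len(data) >= 12:
        rid, flags = struct.unpack(">HH", data[:4])
        # Matching ID with the QR (response) bit set: a DNS service replied.
        if rid == qid and flags & 0x8000:
            return "open"
    return "open-non-dns"

if __name__ == "__main__":
    # 192.0.2.1 is a documentation placeholder; use your own WAN address.
    print(classify_udp_dns("192.0.2.1"))
```

An "open" result here means the device itself answers DNS on that interface, which matches the forwarder Nando describes; "closed" after the 7.1 firmware means the port is rejected rather than silently dropped.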
All times are GMT -5.