ISP Reports Problem with Open Portmapper - how do debug?
ORBI Netgear RB50 + Satellite
Router Firmware Version: V2.7.2.104
My ISP (Rogers Canada) emailed me today to say "There's a problem with an internet-connected device in your home that's interfering with the Rogers network in your area. This may be a computer, phone, tablet, sensors or any other device connected to your Wi-Fi. Unfortunately, we're unable to help you identify the problem device." I use their modem in bridge mode so I guess this is why they can't identify the specific device but they also don't want to help me determine which device is the problem. The only details I got are:
- Is there something in my NETGEAR Router Orbi setup I can check for port mapping?
- When I use Google to get my public IP address, it's different than the one above - how can I tell if the router received a new public IP since 2021-04-25 06:32:47?
- I ran this in my Terminal app (macOS v11.2.3) on my computers and the output is below:
rpcinfo -T -p <local IP address>
Can't contact rpcbind on 192.168.1.131
rpcinfo: RPC: Unknown protocol
- I have a Synology DS218 NAS connected via cable to the router for storing files; could that be doing something?
- We use Apple iPads & iPhones - is anyone aware of something I should be checking on those?
Re: ISP Reports Problem with Open Portmapper - how do debug?
> Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Firmware version? Connected to what?
> PORT: 111
> TAG: portmapper
That's typically NFS-related. I know nothing about Rogers policies
with respect to servers, but I suspect that (even if they allow it) you
don't want anything on your LAN exposed that way to the Internet.
> 1. Is there something in my NETGEAR Router Orbi setup I can check for
> port mapping?
If someone in the outside world gets a response from your router at
port 111, which seems to be the case (as from here):
$ rpcinfo -p 99.238.182.129
   program vers proto   port
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
then either the router itself is at fault, or it's passing such traffic
to/from some device on your LAN. If we assume that the router itself is
too stupid to have such NFS functionality, then that would suggest one
of the following:
UPnP
DMZ
Explicit port forwarding rules
As a test, I'd disable all of those. (See the User Manual for
details.)
> 2. When I use Google to get my public IP address, it's different than
> the one above - how can I tell if the router received a new public IP
> since 2021-04-25 06:32:47?
Its current WAN/Internet IP address should be found at:
ADVANCED > ADVANCED Home : Internet Port : Internet IP Address
With my weak psychic powers, I can't see it, but you could plug that
address into the form at: https://whois.arin.net/ , and see if it is a
public or private address.
As shown above, _something_ at "99.238.182.129" is responding at port
111. ("telnet 99.238.182.129 111" also gets a connection.) Whether
that's your RBR50, or something else of yours, or some other Rogers
customer is unknown to me.
> 4. rpcinfo -T -p <local IP address>
Bad command syntax. "man rpcinfo". _Whose_ "<local IP address>" is
that? The complaint from your ISP is about stuff on the WAN/Internet
side of your stuff, not anything on your LAN.
> 5. I have a Synology DS218 NAS connected via cable to the router for
> storing files; could that be doing something?
It and a Mac would be plausible NFS users, but, if that activity
stays on your LAN, then your ISP should neither know nor care.
> 6. We use Apple iPads & iPhones - is anyone aware of something I
> should be checking on those?
I doubt it. A command like "rpcinfo -p localhost" on your Mac might
spew a bunch of stuff. You could probe other, less likely devices by
specifying their LAN IP addresses. But, again, this stuff is generally
harmless when confined to your LAN. If it gets through your router to
the outside world, then you might expect complaints from your ISP.
"interfering with the Rogers network" is, I'd say, an exaggeration,
but running/exposing any server at all might violate their terms of
service for a residential account.
Note that "port mapping" and "portmapper" are different from "port
forwarding".
Re: ISP Reports Problem with Open Portmapper - how do debug?
Thank you for your quick reply. Looks like I did not redact all instances of the IP they sent me, but my public IP address is different than the one in the email. I'm not very knowledgeable about this stuff but I was told if I typed "what is my ip address" into Google it would tell me my public-facing IP (and I get the same value from every device I try that on), and it's NOT what Rogers sent to me.
As to your queries:
- Router Firmware Version V2.7.2.104 (I thought I put that at the top of my post, but I can't see that now when I reply to you)
- NETGEAR ROUTER ORBI RBR50 is connected via ethernet cable to the Rogers Ignite modem. My iMac is connected by cable to the ORBI, as is the Synology NAS, but everything else is WiFi.
- Can I check on my end to see if you were able to access me?
- I do not have port forwarding set up under Advanced Setup > Port Forwarding/Port Triggering
- UPnP is ON using UDP protocol with two entries in the table:
Int. Port   Ext. Port   IP Address
3074        3074        ZZZ.ZZZ.ZZZ
9308        9308        ZZZ.ZZZ.ZZZ
- DMZ is not configured as I don't have port forwarding set up
- ADVANCED > ADVANCED Home : Internet Port : Internet IP Address has the same value as when I use Google, and it is NOT what was in the report from Rogers.
- When I plug in the IP from above into whois-RWS it says "Customer=Rogers Cable Inc. BASP (C02170553)"
- As for rpcinfo, I plugged in the local IP for each of my three computers in the <local IP address> bit to see if there was an RPC service running - each said no. Am I supposed to use the public IP? I tried that and it still says:
Can't contact rpcbind on ZZZ.ZZZ.ZZZ.ZZZ
rpcinfo: RPC: Unknown protocol
The only thing I saw on my Synology NAS was a 'QuickConnect' item in the Control Panel which would allow me to connect to the DiskStation from anywhere. It was enabled but I disabled it, but that would not seem to be the issue as I did that before posting my topic.
One thing I forgot to mention - I have Disney Circle 1st Generation device installed to limit access for my son, as well as a Ring doorbell & chime.
Re: ISP Reports Problem with Open Portmapper - how do debug?
> [...] it's NOT what Rogers sent to me.
My psychic powers have not improved since:
> With my weak psychic powers, I can't see it, but you could plug that
> address into the form at: https://whois.arin.net/ , and see if it is a
> public or private address.
With no clues other than "different", there's little I can offer.
> o ADVANCED > ADVANCED Home : Internet Port : Internet IP Address has the
> same value as when I use Google, and it is NOT what was in the report
> from Rogers.
If Rogers is complaining to you about some other customer's IP
address, then you should be arguing with Rogers. At which point,
further investigation of your stuff might be a waste of time and effort.
> o NETGEAR ROUTER ORBI RBR50 is connected via ethernet cable to the
> Rogers Ignite modem. [...]
About which, I know nothing. A quick Web search suggests that it's a
modem+router, although it might have a "Bridge Mode" (which you might be
using):
https://www.rogers.com/customer/support/article/learn-more-about-the-rogers-ignite-modem
https://www.rogers.com/customer/support/article/how-to-bridge-your-rogers-ignite-modem
> As for rpcinfo, [...]
I can't see your actual command, but if you did it right, then I'd
expect "rpcinfo: RPC: Timed out", rather than "rpcinfo: RPC: Unknown
protocol". I infer that you still have that spurious "-T" option in
there. Copy+paste is your friend. On/from my Mac, I get plenty
(from "localhost" or its own LAN IP address):
$ rpcinfo -p localhost
   program vers proto   port
    100000    2   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    4   tcp    111  rpcbind
    100024    1   udp    612  status
    100024    1   tcp   1021  status
    100021    0   udp    712  nlockmgr
    100021    1   udp    712  nlockmgr
    100021    3   udp    712  nlockmgr
    100021    4   udp    712  nlockmgr
    100021    0   tcp   1017  nlockmgr
    100021    1   tcp   1017  nlockmgr
    100021    3   tcp   1017  nlockmgr
    100021    4   tcp   1017  nlockmgr
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp    864  mountd
    100005    3   udp    864  mountd
    100005    1   tcp   1023  mountd
    100005    3   tcp   1023  mountd
    100011    1   udp   1018  rquotad
    100011    2   udp   1018  rquotad
    100011    1   tcp    999  rquotad
    100011    2   tcp    999  rquotad
But, (from the router) at my external/public address:
$ rpcinfo -p <public_IP_address>
Can't contact rpcbind on <public_IP_address>
rpcinfo: RPC: Timed out
as expected.
> RWADDELL
"R" for "Rube"?
Re: ISP Reports Problem with Open Portmapper - how do debug?
- Yes, the Rogers Ignite modem is set up in Bridge mode - I just confirmed it. But when I log in to the Gateway I see that its public IP **IS** the one Rogers sent me!?!? So, it's using a different public IP than my Orbi router?
My-iMac:~ Ross$ rpcinfo -p localhost
   program vers proto   port
    100000    2   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    4   tcp    111  rpcbind
    100024    1   udp    934  status
    100024    1   tcp   1021  status
    100021    0   udp    661  nlockmgr
    100021    1   udp    661  nlockmgr
    100021    3   udp    661  nlockmgr
    100021    4   udp    661  nlockmgr
    100021    0   tcp   1017  nlockmgr
    100021    1   tcp   1017  nlockmgr
    100021    3   tcp   1017  nlockmgr
    100021    4   tcp   1017  nlockmgr
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp    885  mountd
    100005    3   udp    885  mountd
    100005    1   tcp   1023  mountd
    100005    3   tcp   1023  mountd
    100011    1   udp    984  rquotad
    100011    2   udp    984  rquotad
    100011    1   tcp    999  rquotad
    100011    2   tcp    999  rquotad

My-iMac:~ Ross$ rpcinfo -p <public ip address from Orbi router>
rpcinfo: can't contact portmapper: rpcinfo: RPC: Unable to send; errno = Broken pipe

My-iMac:~ Ross$ rpcinfo -p <public IP address from Rogers Ignite modem Gateway>
   program vers proto   port
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
- If you are referring to Rube Goldberg, I accept the compliment with thanks.
Re: ISP Reports Problem with Open Portmapper - how do debug?
> o Yes, the Rogers Ignite modem is set up in Bridge mode - I just
> confirmed it. But when I log in to the Gateway I see that it's public IP
> **IS** the one Rogers sent me!?!? So, it's using a different public IP
> than my Orbi router?
My (perhaps insufficient) understanding of "bridge mode" is that it
implies transparency, so I don't know how you can get different IP
addresses on opposite sides of it. However:
> My-iMac:~ Ross$ rpcinfo -p <public ip address from Orbi router>
> rpcinfo: can't contact portmapper: rpcinfo: RPC: Unable to send; errno =
> Broken pipe
It might be easier to follow this stuff if you just stopped trying to
hide the actual addresses.
> My-iMac:~ Ross$ rpcinfo -p <public IP address from Rogers Ignite modem
> Gateway>
> [...]
That looks like what's in the complaint, but it's not obvious that
the RB50 has much to do with it. Especially if you can't get anything
similar out of the RB50 directly.
> o UPnP is ON using UDP protocol with two entries in the table:
Did you try disabling it? I wouldn't expect much, but it'd be nice
to make sure.
> If you are referring to Rube Goldberg, [...]
Nope.
https://en.wikipedia.org/wiki/Rube_Waddell
Or, watch the first part(s) of the Ken Burns "Baseball" series.
Re: ISP Reports Problem with Open Portmapper - how do debug?
Waddell is not a very common last name so I'm surprised I'd not heard of Rube Waddell before. Thanks for that!
I'll try disabling UPnP this morning to see if that works, but I suspect I have another frustrating call with Rogers tech support in my future.
Re: ISP Reports Problem with Open Portmapper - how do debug?
Turning off UPnP on the Orbi router made no difference:
Rogers Ignite Modem Gateway IP
My-iMac:~ Ross$ rpcinfo -p 99.238.182.129
   program vers proto   port
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind

Orbi Router IP
My-iMac:~ Ross$ rpcinfo -p 99.238.194.52
rpcinfo: can't contact portmapper: rpcinfo: RPC: Unable to send; errno = Broken pipe
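Added example, not part of the thread and not any poster's code: a small Python parser for `rpcinfo -p` output that compares what answers on a WAN address with what one LAN host registers. A portmapper dump lists the answering machine's own registrations, so a WAN-side table that contains only rpcbind is not the Mac's NFS stack being passed through. The sample text is copied from the posts above (Mac table abridged); the function names are this example's own.

```python
import re

# One `rpcinfo -p` table row: program, version, protocol, port, service name.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)\s+(\S+)\s*$")

# Sample text copied from the thread; the Mac table is abridged.
GATEWAY = """   program vers proto   port
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
"""
MAC = """   program vers proto   port
    100000    2   udp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100021    4   tcp   1017  nlockmgr
    100003    3   tcp   2049  nfs
    100005    3   tcp   1023  mountd
"""
ORBI = "rpcinfo: can't contact portmapper: rpcinfo: RPC: Unable to send; errno = Broken pipe\n"

def parse_rpcinfo(text):
    """Return the set of (program, vers, proto, port, name) rows; error text yields none."""
    rows = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            prog, vers, proto, port, name = m.groups()
            rows.add((int(prog), int(vers), proto, int(port), name))
    return rows

def extra_services(text):
    """Service names registered besides the portmapper itself (program 100000)."""
    return {row[4] for row in parse_rpcinfo(text) if row[0] != 100000}

def compare(wan_text, lan_text):
    """Classify a WAN-side dump against the dump taken from one LAN host."""
    wan, lan = parse_rpcinfo(wan_text), parse_rpcinfo(lan_text)
    if not wan:
        return "wan-closed"           # no portmapper table came back from this address
    if wan == lan:
        return "same-registrations"   # consistent with port 111 reaching this LAN host
    return "different-responder"      # the WAN-side responder is not this LAN host

if __name__ == "__main__":
    for label, text in (("Ignite gateway IP", GATEWAY), ("Orbi WAN IP", ORBI)):
        print(f"{label}: {compare(text, MAC)}, extra services: {sorted(extra_services(text))}")
```

Take the WAN-side and LAN-side captures at about the same time, since registrations and their ports change when services restart.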