
ISP Reports Problem with Open Portmapper - how do debug?

RWADDELL_1701
Aspirant


ORBI Netgear RB50 + Satellite

Router Firmware Version: V2.7.2.104

 

My ISP (Rogers Canada) emailed me today to say "There's a problem with an internet-connected device in your home that's interfering with the Rogers network in your area. This may be a computer, phone, tablet, sensors or any other device connected to your Wi-Fi. Unfortunately, we're unable to help you identify the problem device." I use their modem in bridge mode so I guess this is why they can't identify the specific device but they also don't want to help me determine which device is the problem. The only details I got are:

 

The IP reported below is the IP responding to scans. It is possible a different IP may be listening and responding from the IP below.
IP 99.XXX.XXX.XXX .
data TIMESTAMP: 2021-04-25 06:32:47
IP: 99.238.182.129
PROTOCOL: udp
PORT: 111
HOSTNAME: cpe80d04ae2ac25-cm80d04ae2ac23.cpe.net.cable.rogers.com
TAG: portmapper
ASN: 812
GEO: CA
REGION: ONTARIO
CITY: YYYYYYY
NAICS: 517311
PROGRAMS: 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
SECTOR: Communications, Service Provider, and Hosting Service
 
  1. Is there something in my NETGEAR Router Orbi setup I can check for port mapping?
  2. When I use Google to get my public IP address, it's different than the one above - how can I tell if the router received a new public IP since 2021-04-25 06:32:47?
  3. I ran this in my Terminal app (macOS v11.2.3) on my computers and the output is below:
  4. rpcinfo -T -p <local IP address>
    Can't contact rpcbind on 192.168.1.131
    rpcinfo: RPC: Unknown protocol
  5. I have a Synology DS218 NAS connected via cable to the router for storing files; could that be doing something?
  6. We use Apple iPads & iPhones - is anyone aware of something I should be checking on those?
Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 8
antinode
Guru

Re: ISP Reports Problem with Open Portmapper - how do debug?

> Model: RBR50|Orbi AC3000 Tri-band WiFi Router

 

   Firmware version?  Connected to what?

 

> PORT: 111
> TAG: portmapper

 

   That's typically NFS-related.  I know nothing about Rogers policies
with respect to servers, but I suspect that (even if they allow it) you
don't want anything on your LAN exposed that way to the Internet.

 

> 1. Is there something in my NETGEAR Router Orbi setup I can check for
> port mapping?

 

   If someone in the outside world gets a response from your router at
port 111, which seems to be the case (as from here):

$ rpcinfo -p 99.238.182.129
   program vers proto   port
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind

then either the router itself is at fault, or it's passing such traffic
to/from some device on your LAN.  If we assume that the router itself is
too stupid to have such NFS functionality, then that would suggest one
of the following:
      UPnP
      DMZ
      Explicit port forwarding rules

 

   As a test, I'd disable all of those.  (See the User Manual for
details.)

 

> 2. When I use Google to get my public IP address, it's different than
> the one above - how can I tell if the router received a new public IP
> since 2021-04-25 06:32:47?

 

   Its current WAN/Internet IP address should be found at:
      ADVANCED > ADVANCED Home : Internet Port : Internet IP Address


   With my weak psychic powers, I can't see it, but you could plug that
address into the form at: https://whois.arin.net/ , and see if it is a
public or private address.


   As shown above, _something_ at "99.238.182.129" is responding at port
111.  ("telnet 99.238.182.129 111" also gets a connection.)  Whether
that's your RBR50, or something else of yours, or some other Rogers
customer is unknown to me.

 

> 4. rpcinfo -T -p <local IP address>

 

   Bad command syntax.  "man rpcinfo".  _Whose_ "<local IP address>" is
that?  The complaint from your ISP is about stuff on the WAN/Internet
side of your stuff, not anything on your LAN.

 

> 5. I have a Synology DS218 NAS connected via cable to the router for
> storing files; could that be doing something?

 

   It and a Mac would be plausible NFS users, but, if that activity
stays on your LAN, then your ISP should neither know nor care.

 

> 6. We use Apple iPads & iPhones - is anyone aware of something I
> should be checking on those?


   I doubt it.  A command like "rpcinfo -p localhost" on your Mac might
spew a bunch of stuff.  You could probe other, less likely devices by
specifying their LAN IP addresses.  But, again, this stuff is generally
harmless when confined to your LAN.  If it gets through your router to
the outside world, then you might expect complaints from your ISP.

"interfering with the Rogers network" is, I'd say, an exaggeration,
but running/exposing any server at all might violate their terms of
service for a residential account.

 

   Note that "port mapping" and "portmapper" are different from "port
forwarding".

 

      https://en.wikipedia.org/wiki/Portmap

Message 2 of 8
RWADDELL_1701
Aspirant

Re: ISP Reports Problem with Open Portmapper - how do debug?

Thank you for your quick reply. Looks like I did not redact all instances of the IP they sent me, but my public IP address is different than the one in the email. I'm not very knowledgeable about this stuff but I was told if I typed "what is my ip address" into Google it would tell me my public-facing IP (and I get the same value from every device I try that on), and it's NOT what Rogers sent to me.

 

As to your queries:

 

  • Router Firmware Version V2.7.2.104 (I thought I put that at the top of my post, but I can't see that now when I reply to you)
  • NETGEAR ROUTER ORBI RBR50 is connected via ethernet cable to the Rogers Ignite modem. My iMac is connected by cable to the ORBI, as is the Synology NAS, but everything else is WiFi.
  • Can I check on my end to see if you were able to access me?
  • I do not have port forwarding set up under Advanced Setup > Port Forwarding/Port Triggering
  • UPnP is ON using UDP protocol with two entries in the table:
Int. Port     Ext. Port   IP Address
3074          3074         ZZZ.ZZZ.ZZZ
9308          9308         ZZZ.ZZZ.ZZZ
  • DMZ is not configured as I don't have port forwarding set up
  • ADVANCED > ADVANCED Home : Internet Port : Internet IP Address has the same value as when I use Google, and it is NOT what was in the report from Rogers.
  • When I plug in the IP from above into whois-RWS it says "Customer=Rogers Cable Inc. BASP (C02170553)"
  • As for rpcinfo, I plugged in the local IP for each of my three computers in the <local IP address> bit to see if there was an RPC service running - each said no. Am I supposed to use the public IP? I tried that and it still says "

    Can't contact rpcbind on ZZZ.ZZZ.ZZZ.ZZZ

    rpcinfo: RPC: Unknown protocol

The only thing I saw on my Synology NAS was a 'QuickConnect' item in the Control Panel which would allow me to connect to the DiskStation from anywhere. It was enabled but I disabled it, but that would not seem to be the issue as I did that before posting my topic.

 

One thing I forgot to mention - I have Disney Circle 1st Generation device installed to limit access for my son, as well as a Ring doorbell & chime.

Message 3 of 8
antinode
Guru

Re: ISP Reports Problem with Open Portmapper - how do debug?

> [...] it's NOT what Rogers sent to me.

 

   My psychic powers have not improved since:

 

> With my weak psychic powers, I can't see it, but you could plug that
> address into the form at: https://whois.arin.net/ , and see if it is a
> public or private address.

 

   With no clues other than "different", there's little I can offer.

 

> o ADVANCED > ADVANCED Home : Internet Port : Internet IP Address has the
> same value as when I use Google, and it is NOT what was in the report
> from Rogers.

 

   If Rogers is complaining to you about some other customer's IP
address, then you should be arguing with Rogers.  At which point,
further investigation of your stuff might be a waste of time and effort.


> o NETGEAR ROUTER ORBI RBR50 is connected via ethernet cable to the
> Rogers Ignite modem. [...]

 

   About which, I know nothing.  A quick Web search suggests that it's a
modem+router, although it might have a "Bridge Mode" (which you might be
using):

 

      https://www.rogers.com/customer/support/article/learn-more-about-the-rogers-ignite-modem

 

      https://www.rogers.com/customer/support/article/how-to-bridge-your-rogers-ignite-modem

 

> As for rpcinfo, [...]

 

   I can't see your actual command, but if you did it right, then I'd
expect "rpcinfo: RPC: Timed out", rather than "rpcinfo: RPC: Unknown
protocol".  I infer that you still have that spurious "-T" option in
there.  Copy+paste is your friend.  On/from my Mac, I get plenty
(from "localhost" or its own LAN IP address):

$ rpcinfo -p localhost 
   program vers proto   port
    100000    2   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    4   tcp    111  rpcbind
    100024    1   udp    612  status
    100024    1   tcp   1021  status
    100021    0   udp    712  nlockmgr
    100021    1   udp    712  nlockmgr
    100021    3   udp    712  nlockmgr
    100021    4   udp    712  nlockmgr
    100021    0   tcp   1017  nlockmgr
    100021    1   tcp   1017  nlockmgr
    100021    3   tcp   1017  nlockmgr
    100021    4   tcp   1017  nlockmgr
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp    864  mountd
    100005    3   udp    864  mountd
    100005    1   tcp   1023  mountd
    100005    3   tcp   1023  mountd
    100011    1   udp   1018  rquotad
    100011    2   udp   1018  rquotad
    100011    1   tcp    999  rquotad
    100011    2   tcp    999  rquotad

   But, (from the router) at my external/public address:

$ rpcinfo -p <public_IP_address>
Can't contact rpcbind on <public_IP_address>
rpcinfo: RPC: Timed out

as expected.

 


> RWADDELL

 

   "R" for "Rube"?

 

 

Message 4 of 8
RWADDELL_1701
Aspirant

Re: ISP Reports Problem with Open Portmapper - how do debug?

  • Yes, the Rogers Ignite modem is set up in Bridge mode - I just confirmed it. But when I log in to the Gateway I see that its public IP **IS** the one Rogers sent me!?!? So, it's using a different public IP than my Orbi router?
My-iMac:~ Ross$ rpcinfo -p localhost
   program vers proto   port
    100000    2   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    4   tcp    111  rpcbind
    100024    1   udp    934  status
    100024    1   tcp   1021  status
    100021    0   udp    661  nlockmgr
    100021    1   udp    661  nlockmgr
    100021    3   udp    661  nlockmgr
    100021    4   udp    661  nlockmgr
    100021    0   tcp   1017  nlockmgr
    100021    1   tcp   1017  nlockmgr
    100021    3   tcp   1017  nlockmgr
    100021    4   tcp   1017  nlockmgr
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp    885  mountd
    100005    3   udp    885  mountd
    100005    1   tcp   1023  mountd
    100005    3   tcp   1023  mountd
    100011    1   udp    984  rquotad
    100011    2   udp    984  rquotad
    100011    1   tcp    999  rquotad
    100011    2   tcp    999  rquotad
My-iMac:~ Ross$ rpcinfo -p <public ip address from Orbi router>
rpcinfo: can't contact portmapper: rpcinfo: RPC: Unable to send; errno = Broken pipe
My-iMac:~ Ross$ rpcinfo -p <public IP address from Rogers Ignite modem Gateway>
   program vers proto   port
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind

 

  • If you are referring to Rube Goldberg, I accept the compliment with thanks.
Message 5 of 8
antinode
Guru

Re: ISP Reports Problem with Open Portmapper - how do debug?

> o Yes, the Rogers Ignite modem is set up in Bridge mode - I just
> confirmed it. But when I log in to the Gateway I see that its public IP
> **IS** the one Rogers sent me!?!? So, it's using a different public IP
> than my Orbi router?

 

   My (perhaps insufficient) understanding of "bridge mode" is that it
implies transparency, so I don't know how you can get different IP
addresses on opposite sides of it.  However:

 

> My-iMac:~ Ross$ rpcinfo -p <public ip address from Orbi router>
> rpcinfo: can't contact portmapper: rpcinfo: RPC: Unable to send; errno =
> Broken pipe

 

   It might be easier to follow this stuff if you just stopped trying to
hide the actual addresses.

 

> My-iMac:~ Ross$ rpcinfo -p <public IP address from Rogers Ignite modem
> Gateway>
> [...]


   That looks like what's in the complaint, but it's not obvious that
the RB50 has much to do with it.  Especially if you can't get anything
similar out of the RB50 directly.

 

> o UPnP is ON using UDP protocol with two entries in the table:

 

   Did you try disabling it?  I wouldn't expect much, but it'd be nice
to make sure.

 


> If you are referring to Rube Goldberg, [...]

 

   Nope.

 

      https://en.wikipedia.org/wiki/Rube_Waddell

 

Or, watch the first part(s) of the Ken Burns "Baseball" series.

Message 6 of 8
RWADDELL_1701
Aspirant

Re: ISP Reports Problem with Open Portmapper - how do debug?

Waddell is not a very common last name so I'm surprised I'd not heard of Rube Waddell before. Thanks for that!

 

I'll try disabling UPnP this morning to see if that works, but I suspect I have another frustrating call with Rogers tech support in my future.

Message 7 of 8
RWADDELL_1701
Aspirant

Re: ISP Reports Problem with Open Portmapper - how do debug?

Turning off UPnP on the Orbi router made no difference:

 

Rogers Ignite Modem Gateway IP

My-iMac:~ Ross$ rpcinfo -p 99.238.182.129
   program vers proto   port
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind

Orbi Router IP

My-iMac:~ Ross$ rpcinfo -p 99.238.194.52
rpcinfo: can't contact portmapper: rpcinfo: RPC: Unable to send; errno = Broken pipe
Message 8 of 8
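An added example, not part of any post in this thread: a small Python check that compares the PROGRAMS field from the ISP report with `rpcinfo -p` listings like those posted above, to see which address's registrations match what the scan recorded. The function names are hypothetical, and the iMac listing is abridged from the one in the thread.

```python
import re

# Samples taken (and, for the iMac, abridged) from the outputs quoted in this thread.
GATEWAY_DUMP = """\
   program vers proto   port
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
"""
IMAC_DUMP = GATEWAY_DUMP + """\
    100024    1   udp    934  status
    100021    4   tcp   1017  nlockmgr
    100003    3   tcp   2049  nfs
    100005    3   udp    885  mountd
"""
ISP_PROGRAMS = ("100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; "
                "100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;")

def parse_rpcinfo(text):
    """Return {(program, version, proto, port)} from `rpcinfo -p` output."""
    rows = set()
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)", line)
        if m:  # the header and error lines do not match and are skipped
            prog, vers, proto, port = m.groups()
            rows.add((int(prog), int(vers), proto, int(port)))
    return rows

def parse_isp_programs(field):
    """Return the same tuple set from the report's PROGRAMS field (duplicates collapse)."""
    found = re.findall(r"(\d+) (\d+) (\d+)/(tcp|udp)", field)
    return {(int(p), int(v), proto, int(port)) for p, v, port, proto in found}

def explains_report(dump_text, isp_field):
    """True if the listing's UDP registrations are exactly what the scan recorded."""
    udp = {r for r in parse_rpcinfo(dump_text) if r[2] == "udp"}
    return bool(udp) and udp == parse_isp_programs(isp_field)

def extra_programs(dump_text):
    """RPC program numbers registered besides rpcbind itself (100000)."""
    return sorted({r[0] for r in parse_rpcinfo(dump_text)} - {100000})

if __name__ == "__main__":
    for name, dump in (("gateway", GATEWAY_DUMP), ("iMac", IMAC_DUMP)):
        print(name, explains_report(dump, ISP_PROGRAMS), extra_programs(dump))
```

Save the output of `rpcinfo -p <address>` for each address and pass the text to `explains_report`; a failed query (for example "RPC: Timed out") parses to an empty set and returns False.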