 batsonaMaryland join:2004-04-17 Ellicott City, MD
| [Northeast] All these ports are open? I just port-scanned myself from my workplace network. I used the range 22-1024. My Actiontec saw, and dropped traffic on the following ports.... I thought residential FIOS was more locked down than this?
21 22 23 110 220 389 481 989 1023 1024
I'm looking to set up a single-use VPN for me to use, to get into my home network, and I was fretting that VZ was stingy on what it allowed through. -apparently not so? |
|
 hubrisnxs join:2009-12-30 Fountain Valley, CA kudos:1 | res fios only has outbound port 25 closed down, and then port 80 is questionable but mostly open throughout.
other than that, it's wide open baby! |
|
 ThinkdiffPremium,MVM join:2001-08-07 Bronx, NY kudos:6 | reply to batsona I'm running a lot more than a single VPN connection on my residential FiOS connection with no issues. Mail, HTTP (on port 80), SSH, OpenVPN, etc.
My traffic is pretty light (everything is for personal/family use), so I doubt my usage is any concern to VZ -- University of Southern California - Fight On! |
|
 htin11 join:2000-08-10 Flushing, NY | reply to batsona I think it depends on which area, the NYC area has a lot of ports closed off. 25 and 80. |
|
 batsonaMaryland join:2004-04-17 Ellicott City, MD | reply to batsona I should clarify that I was scanning from my workplace, inbound into my FiOS. I notice I didn't see 25, or 80 or 443, but as you can see, a bunch of others are open.
I just need to pick a port for IPSEC to use & I'll be set. |
|
 ThinkdiffPremium,MVM join:2001-08-07 Bronx, NY kudos:6 | reply to htin11
said by htin11: I think it depends on which area, the NYC area has a lot of ports closed off. 25 and 80.
Port 80 is open in The Bronx. Not sure why it wouldn't be open elsewhere in NYC. -- University of Southern California - Fight On! |
|
 bgraham join:2001-03-15 Smithtown, NY
| reply to batsona
I have no ports open in Suffolk County. I did a router factory reset a couple of months ago because of ongoing VOIP issues. Never bothered to turn off reply to pings. |
|
 | That's not the correct test, it's used for checking NAT and firewall security. You should be using the ICSI Netalyzr from UC Berkeley. It tests everything from DNS to buffer bloat and open ports.
»netalyzr.icsi.berkeley.edu/ |
|
 rchandraStargate Universe fanPremium join:2000-11-09 14225-2105 | reply to batsona IPSec itself doesn't use your concept of port anyway. It uses a different protocol number (it's 50 or 51, depending on implementation...although usually 50 because AH at 51 doesn't NAT at all). Despite sooooooooooo many people using the term "TCP/IP," it's massively incorrect. Although admittedly the majority of IP traffic is TCP, there's plenty which use other protocols. (although...With increasing uptake of VoIP and other streamed protocols, more and more traffic is UDP.)
In particular, you're going to want to see if UDP port 500 is open for IKE. I can't imagine why they'd choose to block that. If you're using the UDP encapsulating flavor of IPSec, you're going to want to see if UDP port 4500 is open. See also RFC 3948, which deals with encapsulating IPSec in UDP to make NAT easier though not foolproof.
Besides...if you haven't done so already, I would seriously consider delving into the resources on this site with regards to putting the Actiontec into bridging mode and using your own router. Therefore you don't have to rely on what it thinks is or is not good, or will or will not NAT. The only thing at that point you'd have to worry about is what Verizon might filter before packets even get to your ONT.
Something you may wish to consider: that you didn't know this might give your other (non home) endpoint some concern about the security of their internal network.
-- English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.
Jeopardy! replies and randomcaps REALLY suck! |
|
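The distinction drawn in rchandra's post above, as an added example that is not part of any post in this thread: a Python classifier that labels raw IPv4 packets by the IPsec role they play, showing why a TCP-only port scan says nothing about ESP, AH, or UDP 500/4500 reachability. The function names, labels, and sample packets are constructed for illustration; the non-ESP marker and keepalive byte follow RFC 3948.

```python
import struct

ESP, AH, UDP, TCP = 50, 51, 17, 6      # IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500        # UDP ports named in the post above

def classify(pkt: bytes) -> str:
    """Label a raw IPv4 packet by its IPsec role (labels are hypothetical)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4            # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto = pkt[9]
    if proto in (ESP, AH):               # no ports at all: a TCP scan never sees these
        return "esp" if proto == ESP else "ah"
    if proto != UDP:
        return "tcp" if proto == TCP else "other"
    if len(pkt) < ihl + 8:
        return "malformed"
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    payload = pkt[ihl + 8:]
    if IKE_PORT in (sport, dport):
        return "ike"
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":           # RFC 3948 NAT-keepalive: one 0xFF octet
            return "nat-keepalive"
        if payload[:4] == b"\x00" * 4:   # RFC 3948 non-ESP marker precedes IKE on 4500
            return "ike-natt"
        return "esp-in-udp"              # otherwise the first 4 bytes are a nonzero SPI
    return "udp-other"

def ipv4(proto: int, payload: bytes) -> bytes:
    # Constructed header: 192.0.2.1 -> 198.51.100.7, checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLES = {  # constructed packets, not captured traffic
    "tcp syn to 22": ipv4(TCP, struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 0x50, 2, 1024, 0, 0)),
    "native esp": ipv4(ESP, struct.pack("!II", 0x1001, 1) + b"\xaa" * 16),
    "ike": ipv4(UDP, udp(500, 500, b"\x11" * 28)),
    "ike over nat-t": ipv4(UDP, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "esp over nat-t": ipv4(UDP, udp(4500, 4500, struct.pack("!II", 0x1001, 2) + b"\xaa" * 16)),
    "keepalive": ipv4(UDP, udp(4500, 4500, b"\xff")),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} -> {classify(pkt)}")
```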
 batsonaMaryland join:2004-04-17 Ellicott City, MD
| I left out an important detail.. I'll be using the Cisco VPN Concentrator (yes, it's end-of-life this summer).. it has the capability of moving IPSEC onto a regular old TCP port, instead of using ESP / protocol 50 or 51. Slightly wider compatibility this way, in case people are indeed blocking 50 or 51. IKE, as well as the tunnel itself will use this TCP port. |
|