Scanning the WAN IP from outside shows that the Flint2 router has the following ports open:
22, 53, 80, 443, 3000, 8080, 8443.
I have confirmed I am able to SSH on port 22 and it works.
I have confirmed that under Security, remote access controls are off. I have also tried enabling and disabling it, but it doesn’t work. Port 22 can only be disabled by disabling SSH under Security.
Can you please explain why exactly ports are appearing as open on WAN port and also reachable from internet? See below output for wan:
Just to clarify, the open ports are not reachable from the internet but from clients which are using the VPN. Still, it’s odd that scanning the WAN IP when connecting over VPN shows all ports open, and also that VPN clients are able to SSH into the WAN IP.
That is to say, the VPN client's request reaches the VPN server (aka Flint2) through the VPN tunnel, and the VPN server (Flint2), based on its route tables, matches the IP that the VPN client wants to access as the WAN port IP that Flint2 itself owns.
Clients on the LAN side and on the VPN tunnel side both belong to the trusted zone; that is, they can send requests to Flint2 through the WAN.
However, the WAN (Internet) side belongs to the untrusted zone, so Flint2 will refuse to reply and will drop requests initiated on the WAN side.
You should scan Flint2 ports from the WAN (Internet) side, to correctly check which ports are opened by the GL router.
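
The behaviour described in the reply above, as an added example that is not part of the original thread or GL.iNet's own code: a simplified model in which the firewall zone is chosen by the interface a packet arrives on, not by the destination address. The interface names, IP addresses and zone policies are constructed assumptions, not values read from a Flint2.

```python
# Added illustration: simplified model of zone-based INPUT filtering.
# Interface names, addresses and policies are constructed assumptions,
# not values read from a Flint2.
from dataclasses import dataclass
from ipaddress import ip_address

# Addresses the router itself owns, keyed by interface (constructed).
ROUTER_ADDRS = {
    "wan": ip_address("203.0.113.10"),
    "lan": ip_address("192.168.8.1"),
    "vpn": ip_address("10.0.0.1"),
}
# Zone membership is decided by the interface a packet arrives on.
ZONE_OF_IFACE = {"wan": "untrusted", "lan": "trusted", "vpn": "trusted"}
# Policy for traffic addressed to the router itself (INPUT).
INPUT_POLICY = {"trusted": "ACCEPT", "untrusted": "DROP"}
LISTENING = {22, 53, 80, 443, 3000, 8080, 8443}  # ports from the scan above


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on
    dst: str        # destination IP
    dport: int      # destination TCP port


def verdict(pkt: Packet) -> str:
    """Return what a scanner would observe for this packet."""
    if ip_address(pkt.dst) not in ROUTER_ADDRS.values():
        return "FORWARD"  # not addressed to the router; out of scope here
    zone = ZONE_OF_IFACE[pkt.in_iface]
    if INPUT_POLICY[zone] == "DROP":
        return "filtered"  # dropped silently, no reply
    return "open" if pkt.dport in LISTENING else "closed"


def scan(in_iface: str, dst: str, ports=tuple(sorted(LISTENING))) -> dict:
    """Map each port to the verdict seen from the given ingress interface."""
    return {p: verdict(Packet(in_iface, dst, p)) for p in ports}


if __name__ == "__main__":
    wan_ip = str(ROUTER_ADDRS["wan"])
    print("via VPN tunnel:", scan("vpn", wan_ip))
    print("from Internet :", scan("wan", wan_ip))
```

The same destination (the WAN IP) yields "open" when the packet enters through the tunnel interface and "filtered" when it enters through the WAN interface, which is why the scan has to be run from a host that is actually on the Internet side.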