Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Port 53 open on MX95 WAN

Solved
MSakr
Getting noticed
‎May 6 2024 3:12 AM
‎May 6 2024 3:12 AM

Port 53 open on MX95 WAN

Hi All

Our ISP was complaining about port 53 being open with an active dns resolver on it 

dnsmasq-2.85

Now this is a new firewall that went live a few days ago, there is no port forwarding rules configured there, so why port 53 is open.. i tested from another public IP and port 53 is indeed open..

  1. Why this is the case and what other ports are expected to be open?
  2. how to make sure all ports are closed from internet initiated traffic as these should be?

We don't have any DNS service exposed on the public IP nor any NAT other than WAN standard NAT is on for inbound LANs to access the internet.. the MX is in routed mode obviously

Thanks 

Labels:
0 Kudos
Subscribe
1 Accepted Solution
In response to MSakr
ww
Kind of a big deal
Kind of a big deal
‎May 6 2024 4:29 AM
‎May 6 2024 4:29 AM

There is a ? On top of the dashboard screen. Then go to firewall info.

But i dont understand you L3 firewall dashboard view.  Afaik Inbound rules should be for ipv6 only not for ipv4 traffic.  Unless  you made/requested some changes to the default settings

Maybe you running the early access:  org>early access

"NAT Exceptions with Manual Inbound Firewall"

^^^

Looks like 'open port(s)' its related to above

View solution in original post

Subscribe
8 Replies 8
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 6 2024 3:46 AM
‎May 6 2024 3:46 AM

It is a DNS resolver, and has to be able to accept DNS replies.

I think it turns off when you don't have any DHCP scopes including the security appliance as a DNS server.

Subscribe
MSakr
Getting noticed
‎May 6 2024 3:58 AM
‎May 6 2024 3:58 AM

Hi @PhilipDAth 

I don't have any DHCP scopes set, all VLANs are configured not to respond to any DHCP requests..

MSakr_0-1714993044791.png

Nor are there setups pointing the appliance as a DNS relay or DNS.. I am pointing everywhere towards Google ones

 

0 Kudos
Subscribe
In response to MSakr
ww
Kind of a big deal
Kind of a big deal
‎May 6 2024 4:05 AM
‎May 6 2024 4:05 AM

Im not running mx95 and i dont see port53 open from outside. 

You can take a look at ? > firewall info if that list port 53.

Otherwise create a support ticket and let them find out why its open

Subscribe
In response to ww
MSakr
Getting noticed
‎May 6 2024 4:19 AM
‎May 6 2024 4:19 AM

Hi @ww 

I don't see a Firewall>Info section under my mx95.. however the inbound L3 rules are set to the default deny..

MSakr_0-1714994288838.png

I don;t want to set an explicit deny for port 53 as this in theory might block all forwarder DNS traffic..

0 Kudos
Subscribe
In response to MSakr
ww
Kind of a big deal
Kind of a big deal
‎May 6 2024 4:29 AM
‎May 6 2024 4:29 AM

There is a ? On top of the dashboard screen. Then go to firewall info.

But i dont understand you L3 firewall dashboard view.  Afaik Inbound rules should be for ipv6 only not for ipv4 traffic.  Unless  you made/requested some changes to the default settings

Maybe you running the early access:  org>early access

"NAT Exceptions with Manual Inbound Firewall"

^^^

Looks like 'open port(s)' its related to above

Subscribe
In response to ww
MSakr
Getting noticed
‎May 6 2024 5:29 AM
‎May 6 2024 5:29 AM

Yes indeed, I enabled the early access on this one.. this is why you see the IPV4 rules.. looks more professional for me this way 🙂 

Thanks for the pointer to the firewall info.. I found a strange snmp inbound rule there that isn't set anywhere in my rules to one public IP from a range routed to the WAN public IP with source the Meraki Networks.. no clue why this is there even though the target IP is not the WAN Ip

MSakr_0-1714998534513.png

 

0 Kudos
Subscribe
MSakr
Getting noticed
‎May 12 2024 5:38 AM
‎May 12 2024 5:38 AM

Hi All

Still with Meraki support on this one, they are trying to figure it out why it is open and responding to such requests..

0 Kudos
Subscribe
MSakr
Getting noticed
2 weeks ago
2 weeks ago

Update on this issue: After spending some time with Meraki support, they did indeed point out to the fact that the early access feature of the L3 inbound tules are the culprit, if no rules are configured, an explicit allow all kicks in..which you don't see in the inbound L3 rules as the default is deny, see previous post screenshot.. confusing.. 

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.