Ports exposed to Internet

Similar Messages

• Hi, I'm using a Mac Pro here. I am trying to connect it with my NAS hard drive. But i could not connect to it because i have an ethernet which connects to the intranet in my company and Air Port for the internet.

  Hi, I'm using a Mac Pro here. I am trying to connect it with my NAS hard drive. But i could not connect to it because i have an ethernet which connects to the intranet in my company and Air Port for the internet and it could not detect the the ip address after i input the correct address on "Connect to Server" window. Please help! Urgent! Thanks

  I did not say it is not possible.
  I said if your company networks are monopolizing both ports, you should talk to them about what options are available.
  Maybe you can get the company Intranet over wireless if you change some configuration items such as Subnet Mask.
  Maybe you can get on the Internet over Ethernet.
  You really need to ask them, and do not let them blow you off because you have a Mac. If they balk, ask them how it would be done on a PC (becasue it will be the same on a Mac).

• Port Forwarding and Internet Sharing

  Hey all,
  I have a wireless network set up through a Time Capsule. My iBook is connected to this network via Airport. In addition, I have a computer with no wireless connected to my laptop via Ethernet. I have my System Preferences set up to Share Internet with Built-In Ethernet. The problem is this. I want to use the second computer (which accesses the Internet fine) as a server. The Airport does not recognize the second computer as a Client, but does see the iBook. I believe I need to Forward Ports to the iBook (local IP: 10.0.1.5) and then forward them again with the iBook to the other computer which has the local IP 196.168.2.2.
  Is my thinking right in this? How would I need to configure this to make it work as I've explained?
  If I'm unclear I can clarify.
  Thanks,
  Daniel

  Hi Daniel,
  I think the problem is, is that the Internet Sharing isa pass through connection.
  Try this, in Network>Show:>Network Port Configurations, duplicate the Airport interface, make sure the on used for internet is dragged to the top of the list, then Manually configure if need be, the second one to join the local Network.

• Forwarding Ports While Using Internet Sharing

  I'm trying to get StarCraft working (being able to host games) on my MacBook Pro which is connected to the internet through an iMac G5 which has Internet Sharing turned on and is connected directly to the cable modem. I found some directions online involving using natd on the iMac to forward the ports manually. I have set natd to run on startup with a "-f natd.conf" flag, and my natd.conf has these lines:
  redirect_port tcp 10.0.2.2:6112-6119 6112-6119
  redirect_port udp 10.0.2.2:6112-6119 6112-6119
  10.0.2.2 is the IP address that the iMac has given my MacBook as stated in my Networking preference pane. However, hosting games in StarCraft still does not work and according to this site my port 6112 is still "closed".
  Any ideas?

  Firewalls...harumph.
  Cause more problems than they solve...not really
  Two firewalls (mac's and this intego thingie) will cause more problems than running two antivirus programs on a PC.
  Folks need to come up with really good reasons to use more "firewall power" than mac's excellent firewall.
  Anyway, glad you found it!

• Creating Dual Ethernet ports and separateing Internet vs. LAN

  I have a situation in a shared office where I would like to be on the LAN so as to be able to share files and peripheral equipment such as printers, but I would like to have my own dedicated highspeed DSL service instead of what is provided and shared by the rest of the LAN. What is the best way to go about this?
  Can I install a second Ethernet card in my G5 and have the connection from the DSL modem go directly into that port? If so, how would I tell the computer to use that port for Internet instead of using the other used for LAN? I mean since technically I would have dual Internet services coming to my machine (one through my LAN and the other through the secondary Ethernet port) how could it know which one to access?
  PowerMac G5 Dual 2GH   Mac OS X (10.4.6)  

  Also, as a follow up question, can I use any Ethernet card or are there Mac specific one that I need to get?

• Port forwarding within Internet Sharing

  my xbox is connected to my macbook sharing the wireless internet, but i want to forward a port to my xbox. how do i do that? can't connect the xbox directly to the router.

  How did you get the xbox to share the internet connection?? I can't seem to get it to work with my setup for some reason.
  I've got a macbook connected through wireless. The xbox is plugged into the mac. the internet sharing is on. Web sharing is on. The Airport is set as the top priority port... Double checked all the firewall settings... The only thing I can think I haven't tried is a different type of cable... Do I need a cross-over? I'm totally stumped!

• Port forwarding through Internet Sharing

  Here's my setup:
  - I have a Linksys router, I have that connected wirelessly to my macbook, I have that setup for Ethernet internet sharing to my desktop pc.
  - I want to enable port forwarding so that I can access my PC through VNC.
  - My macbooks ip address is within 192.168.1.x and my desktop's IP address from the macbook is within 192.168.2.x
  - When I connect to my router and try to set up port forwarding I can only forward ports within the 192.168.1.x range.
  - I've tried a bunch of garbage to get it set up, one main thing I've tried was to st my PC's ip address statically to something withing 192.168.1.x, but my default gateway address is 192.168.2.1 so I'm not even sure if thats possible.
  - I really need some help with this, any would be very much appreciated.

  Hi guys. My setup is pretty simple. I have a Terayon cable modem hooked to an iMac. Im doing internet sharing to everybody. I don't need an access point and don't wish to have to buy a new one when I have such a beautiful machine right.
  So I want to do port forwarding using the internet share to connect an XBox360.
  The ports i want to configure are detailed in www.portforward.com
  Anyway I can't see how to do it but I know that for you guys this is all puppy chow. So i decided to give you guys the opportunity to be creative with this setup.

• Cannot access forwarded ports from the internet

  Hi all,
  I have a Cisco 800 Series router that i configured to do some port forwarding. However i must have done something wrong, because i am unable to access the ports .
  Here is the configuration file of the router.
  Sorry it i pasted too much info, i'm new working with Cisco routers
  Building configuration...
  Current configuration : 9429 bytes
  ! Last configuration change at 13:39:12 PCTime Thu Jan 5 2006 by xxx
  ! NVRAM config last updated at 19:45:42 PCTime Mon Jan 2 2006 by xxx
  version 15.0
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname pbr.mtn.w
  boot-start-marker
  boot system tftp c860-universalk9-mz.153-3.M.bin 255.255.255.255
  boot-end-marker
  logging buffered 51200
  logging console critical
  enable secret 5 xxx
  no aaa new-model
  memory-size iomem 10
  clock timezone PCTime 2
  crypto pki trustpoint TP-self-signed-2673109117
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-2673109117
  revocation-check none
  rsakeypair TP-self-signed-2673109117
  crypto pki certificate chain TP-self-signed-2673109117
  certificate self-signed 01
    30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32363733 31303931 3137301E 170D3036 30313032 31373232
    35395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36373331
    30393131 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100CD17 E55A2286 3F4D2F14 98499254 8DE9B540 7413A05A C229BD7E 72C6E7AA
    7BD657C2 D824C6E4 0C0FD8AB 5EF6871B A28F298C 391DA225 FA4C92D7 5E3C6B06
    B3447494 EA058319 72A69FEA 305751EE B7D7087A 406216C3 6CC14AB8 056B52F4
    117366AD 531E0515 6801228D 7DAA8454 A00A880D 4023B8B3 983DE19C FB00F077
    32450203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
    551D1104 1C301A82 18706272 2E6D746E 2E772E79 6F757264 6F6D6169 6E2E636F
    6D301F06 03551D23 04183016 80148E65 3A8C9B6B E552653E EA96DCD1 F13DD1F1
    8198301D 0603551D 0E041604 148E653A 8C9B6BE5 52653EEA 96DCD1F1 3DD1F181
    98300D06 092A8648 86F70D01 01040500 03818100 B6F568EE 3AFBBF7A B4DEC150
    B6B8860B D953E444 8925C26C 4186AED4 8EAF9F2F D2F335E4 916F941C 1E831EEE
    77C5A9A2 EB7EB7AA 540FF094 8FA28668 91C39BB2 2852DEB9 414DD37B EE984C20
    CE755A14 37C41233 B0B93B55 52E15783 089B59AA AAE54620 352D3820 59DD24A3
    F1E3EC91 CCDE72AA 7544C9C6 1C12EDAF 95767D97
        quit
  no ip source-route
  ip dhcp excluded-address 10.10.10.1
  ip dhcp excluded-address 192.168.1.1 192.168.1.219
  ip dhcp excluded-address 192.168.1.241 192.168.1.254
  ip dhcp excluded-address 10.10.10.21 10.10.10.254
  ip dhcp pool ccp-pool1
     import all
     network 10.10.10.0 255.255.255.0
     default-router 10.10.10.1
  ip dhcp pool GuestPool
     import all
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.80
     dns-server 217.14.128.50 212.99.2.8 212.108.200.77 212.82.225.7
     lease 7
  ip cef
  no ip bootp server
  ip domain name yourdomain.com
  ip name-server 196.44.250.214
  ip name-server 196.44.250.215
  ip name-server 41.223.226.30
  ip name-server 212.118.241.1
  ip name-server 213.157.176.2
  ip name-server 62.128.175.14
  license udi pid CISCO861W-GN-E-K9 sn FCZ161392V5
  username xxx privilege 15 secret 5 xxx
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh version 2
  class-map type inspect match-any ccp-cls-insp-traffic
  match protocol cuseeme
  match protocol dns
  match protocol ftp
  match protocol h323
  match protocol https
  match protocol icmp
  match protocol imap
  match protocol pop3
  match protocol shell
  match protocol realmedia
  match protocol rtsp
  match protocol smtp
  match protocol sql-net
  match protocol streamworks
  match protocol tftp
  match protocol vdolive
  match protocol tcp
  match protocol udp
  class-map type inspect match-all ccp-insp-traffic
  match class-map ccp-cls-insp-traffic
  class-map type inspect match-any ccp-cls-icmp-access
  match protocol icmp
  match protocol tcp
  match protocol udp
  class-map type inspect match-all ccp-invalid-src
  match access-group 100
  class-map type inspect match-all ccp-icmp-access
  match class-map ccp-cls-icmp-access
  class-map type inspect match-all ccp-protocol-http
  match protocol http
  policy-map type inspect ccp-permit-icmpreply
  class type inspect ccp-icmp-access
    inspect
  class class-default
    drop
  policy-map type inspect ccp-inspect
  class type inspect ccp-invalid-src
    drop log
  class type inspect ccp-protocol-http
    inspect
  class type inspect ccp-insp-traffic
    inspect
  class class-default
    drop
  policy-map type inspect ccp-permit
  class class-default
    drop
  zone security out-zone
  zone security in-zone
  zone-pair security ccp-zp-self-out source self destination out-zone
  service-policy type inspect ccp-permit-icmpreply
  zone-pair security ccp-zp-in-out source in-zone destination out-zone
  service-policy type inspect ccp-inspect
  zone-pair security ccp-zp-out-self source out-zone destination self
  service-policy type inspect ccp-permit
  interface Null0
  no ip unreachables
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description $ES_WAN$$FW_OUTSIDE$
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  duplex auto
  speed auto
  pppoe-client dial-pool-number 1
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered Vlan1
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nbar protocol-discovery
  ip flow ingress
  ip flow egress
  arp timeout 0
  interface Wlan-GigabitEthernet0
  description Internal switch interface connecting to the embedded AP
  switchport mode trunk
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
  ip address 192.168.1.80 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nbar protocol-discovery
  ip flow ingress
  ip flow egress
  ip nat inside
  ip virtual-reassembly
  zone-member security in-zone
  ip tcp adjust-mss 1412
  interface Dialer0
  description $FW_OUTSIDE$
  ip address negotiated
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1452
  ip flow ingress
  ip nat outside
  ip virtual-reassembly
  zone-member security out-zone
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname xxx
  ppp chap password 7 xxx
  ppp pap sent-username xxx password 7 xxx
  no cdp enable
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip flow-top-talkers
  top 20
  sort-by bytes
  cache-timeout 20
  ip nat inside source list 1 interface Dialer0 overload
  ip nat inside source static tcp 192.168.1.25 8890 interface Dialer0 8890
  ip nat inside source static tcp 192.168.1.25 80 interface Dialer0 80
  ip nat inside source static tcp 192.168.1.45 21 41.186.26.35 21 extendable
  ip route 0.0.0.0 0.0.0.0 Dialer0
  logging trap debugging
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.1.0 0.0.0.255
  access-list 100 remark CCP_ACL Category=128
  access-list 100 permit ip host 255.255.255.255 any
  access-list 100 permit ip 127.0.0.0 0.255.255.255 any
  dialer-list 1 protocol ip permit
  no cdp run
  control-plane
  banner exec ^C
  % Password expiration warning.
  Cisco Configuration Professional (Cisco CP) is installed on this device
  and it provides the default username "cisco" for  one-time use. If you have
  already used the username "cisco" to login to the router and your IOS image
  supports the "one-time" user option, then this username has already expired.
  You will not be able to login to the router with this username after you exit
  this session.
  It is strongly suggested that you create a new username with a privilege level
  of 15 using the following command.
  username <myuser> privilege 15 secret 0 <mypassword>
  Replace <myuser> and <mypassword> with the username and password you
  want to use.
  ^C
  banner login ^C---------------------------------------------------------------------------
                                NOTICE TO USERS
  THIS IS A PRIVATE COMPUTER SYSTEM.  Unauthorized or improper use of this
  system may result in administrative or disciplinary action and civil and
  criminal penalties.
  Any or all uses of this system and all files on this system are monitored,
  and recorded.
  This system is the property of xxx .
  Disconnect IMMEDIATELY if you are not an authorized user!
  ^C
  line con 0
  login local
  no modem enable
  transport output telnet
  line aux 0
  login local
  transport output telnet
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  line vty 0 4
  privilege level 15
  login local
  transport preferred telnet
  transport input telnet
  scheduler max-task-time 5000
  scheduler allocate 4000 1000
  scheduler interval 500
  end

  You need...
  Either a Fixed IP from your ISP, or a service like no-ip.org to look up your current IP.
  How to find the "Outside" IP on that machine go here...
  http://www.whatsmyip.org/
  If there's a Router involved at home then incoming ports must be directed to the proper local IP.
  Setup Sharing on the home Mac.

• Ethernet port lit, no internet

  I am having 2 problems with networking on my v570. 
  when hard-wire connected to a time warner arris modem, the computer sometimes recognizes the network but does not get internet access. 
  when connected to an airport extreme via the same modem, it connects to the internet but speeds are drastically low. when I hardwire connect a mac to the modem, it's blazing fast. 
  something seems to be wrong with the connectivity
  re: http://support.lenovo.com/en_US/diagnose-and-fix/detail.page?DocID=HT001712
  thanks,
  chad
  Solved!
  Go to Solution.

  If you have a Broadcom wifi, you will most likely be getting between 65-72mbps connection, that`s only a max of 8MB download speed.
  What connection speed is your wifi getting, and what brand of wifi card do you have Intel, Atheros or Broadcom.
  EDIT : what wifi connection speed and the reliability of the connection depends on any interfierence around you, from other wifi, bluetooth, dect phones, gas\elec meters, baby monitor, micowaves and the list goes on and on.
  Also what router you have can affect your wifi connection speed.
  The program in the link below, will show you all the wifi router in your area, the more the harder your notebook and router has to work to get a good connection.
  http://www.metageek.net/products/inssider/
  John.
  Win7 Lenovo Ideapad Z580 i5-3210m HD4000 Win7 x64 8gb 1600MHz Samsung 830 256GB SSD

• Is it dangerous if I expose UDP 1434 port of SQL 2008R2 server in Azure VM to the Internet ?

  I am setting up client/server Application running on SQL2008 server on Azure VM.
  Is it dangerous if I  expose UDP 1434 port of SQL 2008R2 server in Azure VM  to the Internet ?

  I do not get your answer exactly , but you mean "That is a much bigger issue from a security perspective." this is dangerous to expose SQL server connection port to the Internet ?
  Application uses named SQL instance , so it needs UDP 1434 port to connect to SQL server.
  Exposing any server to a network is dangerous.  Exposing a server to the public internet is more risky than connecting to a private network.  You cannot eliminate risk but it can be mitigated.
  An inherent risk with exposing the SQL Server port is that any client with network connectivity can then try to compromise security, commonly with a dictionary attack.  A malicious user can then gain access to the database limited only by
  the compromised account security context.
  There are several steps you can take to mitigate this risk.  To name a few, allow only trusted IP addresses through the firewall.  Run only those services actually needed.  Expose only those ports needed.  Rename the sa login. 
  Assign strong passwords to all accounts.  Keep all software up-to-date with security patches.  Use a service layer to access database services instead of directly from front-end clients.
  In your case, you can hard-code the named instance port in connection strings instead of using the SQL Browser service.  Your connection strings do not need to specify the instance name with this technique and UDP 1434 is not needed for connectivity. 
  Dan Guzman, SQL Server MVP, http://www.dbdelta.com

• WRT54GS port lights always on, internet light always on, only power connected.

  My WRT54GS v.2 wireless router has all port lights and internet light always on, even though the power is the only cable connected to it. The router won't detect the internet from my dsl modem. How can i fix this please, why is this happening ?
  thank you. 

  Did you try to reset the router by pushing and holding the reset button for 30 seconds or more?
  Richard Aichner (Ikester)

• Internet port problem

  i am a using a WRT54GH linksys router.. which was working fine for a year.. there was thunderstorm and lightning a few days back.. since then my routers internet port (the first port which says internet in yellow) has stopped working...can some please help me with this
  thanks in advance !!

  to do the RESET, use a ballpoint pen or a paper clip. stick it into the RESET hole in the back where the ports are. press and hold the button for 30 seconds. the power light should go blinking at one point... wait for a couple of minutes or so and the power light should go solid. if the power light still flashes after 2 minutes, turn of the router by taking out the power cord. wait 30 seconds and plug it back in. the powerlight will go blinking initially but should stay solid after about a couple of minutes.
  by the way, is the power light currently flashing or is it steady? from the looks of it, after you tried the test suggested by opheliaimmortal23, the ports may be busted. in which case, the device may already be bricked/ defective.

• Does the newest Airport Express not serve ethernet port internet?

  I have DSL to my tower with an 802.11N Airport card, I used the Airport Utility to 'make a new network' with an Airport Express 802.11N connected to my home theatre, and it works fine streaming iTunes.
  The cable co. makes you register the MAC address of the machine that will be served by the DSL modem, and allows up to two other addresses if phoned in otherwise any other MAC address attached direct to the DSL will not get a signal.
  I have made the network 'closed' and WEP2, then used the MAC address exclusions in Airport Utility to add a bit of extra protection.
  Under this set up I was under the impression that the tower would still serve DCHP addresses wirelessly to the Express to anything that knew the network name and password.
  The previous generation of Express used to be able to allow you to plug in a PDA with an ethernet card and be serving the ethernet, what is the problem with continuing that on the newest version? I see no point in being tied down to where ever the cable co. installed the modem just to use my PDA on the net, or cart the tower around the house to PDA connect to.
  The stupid Express was a great solution for that previously...walk to a wall socket plug in establish the network and connect something to the ethernet port.
  With previous Airport Utility software it was fairly clear as to whether you have turned on the ethernet port of the Express to serve an internet connection, with the latest AU software it is not.
  I CANNOT serve any DSL signal through the Express no matter what setting I have tried. Turning off the firewall settings, MAC addy exclusions, 'closed' network to open, and attempting to reset the Express with something other than the bridge configuration makes no change (or functional) signal service to the Express.
  I even imagined I would have to go through System Preferences and turn on Internet Sharing (sub selections, Share your connection from: "Built-In Ethernet" and further selection "To computers using: Airport"
  The only thing I didnt try tinkering with was the Web Proxy (HTTP) protocol selection as Glimmerblock uses that to help do its job, but that also doesnt make sense to downstream blocking the ethernet port from serving a web connection.
  If I try the other Simple Setup selections under AU software, I royally lose detection of the Express and otherwise does not do any favors for making this work. Someone here told another person to use the setup assistant chosing "Join existing network" but thats wrong, the tower cant make the network with just the Airport Card alone, it needs the Express available to 'make a new' network... you cant even access any panels of Airport Utility without the Express being reset and ready for programming with the AU software.
  Is there a way to make the port serve outgoing internet signal grabbed wirelessly from the tower?
  Mucho appreciato if someone could suggest what is up.

  No no, not an unsecure network, Im saying once the basic Assisted setup was followed in the previous OS 10.4 for Airport, you could go back in manually and set things to WDS which supposedly was the only way to go CableModem~Tower~Airport to Express~out express ethernet port to wired only machine.
  Ive tried doing it that way for this newer Airport Utility and its frustrating as blankity, the only way to make a wireless network is between the tower's airport card to the express, you cant make just a network with the built in Tower Card at all. Then you could force the express to join it, otherwise it wont work.
  I tried the WDS Main/Remote/Relay settings both ways with the Airport ID addresses for the tower AND express, switching them hoping one works, all I get is infinite loop of having to reenter the airport setup password when the express is updated and rebooted.
  It wasnt this intricate before, is all Im saying. All it took was setting to WDS mode after going thru basic setup, checkmarking the box, updating the unit, restarting and there, the express served the wired client through the ethernet port.

• Exposing BI CMC over internet for BO Mobile

  Dear All,
  I need to setup BO Mobile 4.1 SP2 and use dashboard reporting over iphone,ipad etc
  We are planning to have different hardware for mobile server.
  Below are the few queries I had with the BO Mobile team.
  1) Planning to use HTTPS for mobile and use tomcat as reverse proxy(HTTPS enabled).
  Tomcat would also be from same server. I would be following the notes 1299147. Planning to get certificates singed by CA.
  a) Please let me know if any additional configurations need to be followed.
  b) Command line for generating key,csr and importing certificates.(In the above note only self signed certificate information is given)
  2) HTTPS for BI would be enabled (as per the above note)
  3) Should the CMS (BI) server also exposed over the network with public IP address?
  Because in the mobile handset configuration I need to give the IP or host name of CMS server.
  Please help with relevant info.
  Thanks & Regards,
  SKumar

  HI S kumar,
  Lets take one step at a time!
  First things first!
  check with your network team for reverse proxy settings and firewall.
  The BI server need not be exposed to internet. Proxy can be used for that.
  your application server will route all request coming from your mobile device to the BI Server. So reverse proxy will work for that.
  HTTPS needs to be configured on the tomcat server. Also, CA certs need to be signed.
  once they are signed. Simply tell your admin to mail them to you.
  Acces your mails on your ipad or iphone.
  Download the certificate. It will prompt you to be installed.
  These steps are mentioned in the admin guide available at help.sap.com
  Regards,
  atul B

• Linksys WRT610N Port Forwarding

  I am finding it impossible to set up port forwarding. No matter what I do I remain completely stealthed when I do a port probe via www.grc.com. The only way I seem to be able to open a port is if I enable remote management. When I do that, whatever port I specifiy as the remote management port is then fully open. Obviously, I can't leave a port exposed like this and, anyway, I need to open multiple ports for my purposes.
  Is there a bug? Can technical support please help?
  Some background: I'm in the UK and I connect to the internet using the Fibre-to-the-cabinet (FTTC) technology. I have a BT supplied modem (Huawei Echolife HG612) which is completely locked (it is BT property) with no ability to log in and change settings. The WRT610N is plugged into the LAN socket of the modem and connects via PPPoE. Everything else works fine.

  A firewall does not open or close a port. A firewall blocks or passes transient traffic. Thus if the port is closed on the computer it doesn't matter what the firewall does. The port will never show up as open as long as the port is not in use.
  ifconfig
  netstat -an