CodeSys 3.5 / CodeSysControl 4.0.1.0 - Which ports are used for "Scan Network"

lefish
2021-10-18
2021-10-20
  • lefish - 2021-10-18

    Hi there,

    I have set up a firewall on my RPi by setting iptables.

    This is my configuration:

    pi@tbrpi:~ $ sudo iptables -S
    -P INPUT DROP
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 5970 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p udp -m udp --dport 123 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 631 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 1880 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 1880 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 1880 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 11740 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 11740 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 11740 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 11743 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 11743 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 11743 -j ACCEPT
    -A INPUT -s 127.0.0.0/8 -p tcp -m tcp --dport 31421 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 1217 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 1217 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 1217 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 4840 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 4840 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 4840 -j ACCEPT
    -A INPUT -s 127.0.0.0/8 -p tcp -m tcp --dport 4840 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 5900 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 5900 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 5900 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 3389 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 3389 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 3389 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 3350 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 3350 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 3350 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 53 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 53 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p udp -m udp --dport 53 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 162 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 162 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p udp -m udp --dport 162 -j ACCEPT
    -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 162 -j ACCEPT
    -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 162 -j ACCEPT
    -A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 162 -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    

    Pinging from my Windows 10 Dev-PC works:

    C:\Users\myPC>ping tbrpi
    
    Ping wird ausgeführt für tbrpi.lan [192.168.1.224] mit 32 Bytes Daten:
    Antwort von 192.168.1.224: Bytes=32 Zeit=22ms TTL=64
    Antwort von 192.168.1.224: Bytes=32 Zeit=2ms TTL=64
    Antwort von 192.168.1.224: Bytes=32 Zeit=2ms TTL=64
    
    Ping-Statistik für 192.168.1.224:
        Pakete: Gesendet = 3, Empfangen = 3, Verloren = 0
        (0% Verlust),
    Ca. Zeitangaben in Millisek.:
        Minimum = 2ms, Maximum = 22ms, Mittelwert = 8ms
    

    It also works to manually add the RPi hostname "tbrpi" in CodeSys:

    What does not work is to scan the network for the same tbrpi device.

    If I define the default rule

    -P INPUT ACCEPT 
    

    in iptables, then everything works as expected.

    Which additional ports do I need to open?

    Thank you!

    BR
    LeFish

     

    Last edit: lefish 2021-10-18
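
One way to find the missing ports without guessing, added here as an example that is not part of the original post: log whatever reaches the end of the INPUT chain while "Scan Network" runs, then summarize the log by protocol and destination port. The log prefix, the function names and the sample log lines (addresses and ports included) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Append a rate-limited LOG rule as the last INPUT rule. With "-P INPUT DROP",
# a packet that reaches it matched no ACCEPT rule and is dropped right after.
# Needs root; run on the RPi, then trigger "Scan Network" once.
log_unmatched_input() {
    iptables -A INPUT -m limit --limit 30/min -j LOG --log-prefix "INPUT-DROP: "
}

# Remove the LOG rule again once the capture is done.
unlog_unmatched_input() {
    iptables -D INPUT -m limit --limit 30/min -j LOG --log-prefix "INPUT-DROP: "
}

# Read kernel log lines on stdin and print "count proto dport src" for each
# distinct dropped flow, most frequent first. Packets without a destination
# port (for example ICMP) are reported with "-".
summarize_drops() {
    awk '/INPUT-DROP: / {
        src = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        n[proto " " dpt " " src]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Constructed sample of what `dmesg` or `journalctl -k` could show after a scan.
# The ports here are sample values; the real capture shows the actual ones.
SAMPLE_LOG='[ 101.1] INPUT-DROP: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.255 LEN=60 PROTO=UDP SPT=1740 DPT=1740 LEN=40
[ 101.3] INPUT-DROP: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.255 LEN=60 PROTO=UDP SPT=1740 DPT=1740 LEN=40
[ 101.4] eth0: link is up
[ 101.6] INPUT-DROP: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
[ 101.9] INPUT-DROP: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.255 LEN=60 PROTO=UDP SPT=1740 DPT=1740 LEN=40'

# Stand-alone run: summarize the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_drops
```

On the device, replace the sample with the live log, for example `dmesg | summarize_drops`, and add ACCEPT rules only for the flows that belong to the scan, restricted to the same source subnets as the existing rules.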
