Portcheck 80 443 DSlite

[ghost]

The port check (80/443) does not work correctly with Internet access via DSlite. Apparently the IPV4 address, which is assigned by DSlite, is checked. However, this IPv4 cannot be reached from the outside. Only the assigned IPv6 for the Pi is publicly available. Appropriately, the check should also include the check via IPv6 for port 80/443. <!--

PROBLEMS

-->

System information

NextCloudPi diagnostics

``` NextCloudPi version v1.39.12 distribution Debian GNU/Linux 10 \n \l automount no USB devices sda sdb datadir /media/USBdrive/ncdata data in SD no data filesystem ext2/ext3 data disk usage 919G/1,8T rootfs usage 4,9G/29G swapfile /dev/zram3 dbdir /var/lib/mysql Nextcloud check ok Nextcloud version 21.0.4.1 HTTPD service up PHP service up MariaDB service up Redis service up HPB service down Postfix service up internet check ok port check 80 closed port check 443 closed IP ***REMOVED SENSITIVE VALUE*** gateway ***REMOVED SENSITIVE VALUE*** interface eth0 certificates ***REMOVED SENSITIVE VALUE*** NAT loopback no uptime 18:14

Nextcloud configuration

``` { "system": { "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": { "0": "localhost", "1": "192.168.222.100", "2": " "***REMOVED SENSITIVE VALUE***", "5": "nextcloudpi.fritz.box", "7": "nextcloudpi", "9": "***REMOVED SENSITIVE VALUE***", "12": " "***REMOVED SENSITIVE VALUE***", "13": " "***REMOVED SENSITIVE VALUE***", "11": " "***REMOVED SENSITIVE VALUE***", "3": " "***REMOVED SENSITIVE VALUE***" }, "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "21.0.4.1", "overwrite.cli.url": "https:\/\***REMOVED SENSITIVE VALUE***\/", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "mysql.utf8mb4": true, "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "instanceid": "***REMOVED SENSITIVE VALUE***", "memcache.local": "\\OC\\Memcache\\Redis", "memcache.locking": "\\OC\\Memcache\\Redis", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": 0, "timeout": 0, "password": "***REMOVED SENSITIVE VALUE***" }, "mail_smtpmode": "smtp", "mail_smtpauthtype": "LOGIN", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***", "preview_max_x": "1024", "preview_max_y": "1024", "jpeg_quality": "60", "overwriteprotocol": "https", "maintenance": false, "tempdirectory": "\/media\/USBstick\/nctmp", "logfile": "\/media\/USBdrive\/ncdata\/nextcloud.log", "loglevel": "2", "log_type": "file", "mail_sendmailmode": "smtp", "theme": "", "htaccess.RewriteBase": "\/", "auth.bruteforce.protection.enabled": true, "versions_retention_obligation": "auto, 7", "trashbin_retention_obligation": "auto, 7", "app_install_overwrite": [ "previewgenerator" ], "enable_previews": true, "enabledPreviewProviders": [ "OC\\Preview\\Movie", "OC\\Preview\\PNG", "OC\\Preview\\JPEG", "OC\\Preview\\GIF", "OC\\Preview\\BMP", "OC\\Preview\\XBitmap", "OC\\Preview\\MP3", "OC\\Preview\\MP4", "OC\\Preview\\TXT", "OC\\Preview\\MarkDown" ], "mail_smtpauth": 1, "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "465", "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "mail_smtpsecure": "ssl", "data-fingerprint": "a10484b97892ec37f4acba47db21be51", "default_phone_region": "DE" } } ```

HTTPd logs

``` [Thu Sep 23 00:00:09.606996 2021] [ssl:warn] [pid 3582:tid 547779081600] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name [Thu Sep 23 00:00:09.608403 2021] [mpm_event:notice] [pid 3582:tid 547779081600] AH00489: Apache/2.4.38 (Debian) OpenSSL/1.1.1d configured -- resuming normal operations [Thu Sep 23 00:00:09.608435 2021] [core:notice] [pid 3582:tid 547779081600] AH00094: Command line: '/usr/sbin/apache2' [Thu Sep 23 07:34:03.767044 2021] [proxy_fcgi:error] [pid 32717:tid 547682156928] [client 192.168.222.20:49997] AH01071: Got error 'PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 109PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 110PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 111PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 113PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 114PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 115PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 118PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 109PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 110PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 111PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 113PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 114PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 115PHP message: PHP Notice: Undefined offset: 1 in /var/www/ncp-web/ncp-launcher.php on line 118' ```

Database logs

``` ```

Nextcloud logs

```

[nachoparker]

Thanks for reporting. We can improve this if you help out with testing, since you have this setup :)

[ghost]

Naturally. I like to help when I can. I would then need a little help with testing

[nachoparker]

Great! let's try this

sudo su
source /usr/local/bin/ncp-diag &>/dev/null
set -x
is_port_open 80
is_port_open 8484

Please use a port that you know is open (80) and one you know is not (8484), and share the output

[ghost]

current : ncp 1.40.5 de - I put all commands in a bash-file :

• is_port_open 80
• local port=80
• local public_ip ++ curl -m4 -4 https://icanhazip.com
• public_ip=94.31.85.185 ++ mktemp
• local tmp_file=/tmp/user/0/tmp.CEaXH8a3jO ++ wget -T2 -t1 -qO- --keep-session-cookies --save-cookies /tmp/user/0/tmp.CEaXH8a3jO https://portchecker.co ++ grep -oP '_csrf" value="\K.*"'
• local 'token=EFBelgoZiZnTbWVP-d8UG5SwY7QSatctZth6hVcT1jU"'
• [[ EFBelgoZiZnTbWVP-d8UG5SwY7QSatctZth6hVcT1jU" != '' ]]
• wget -T2 -t1 -qO- --load-cookies /tmp/user/0/tmp.CEaXH8a3jO https://portchecker.co --post-data 'target_ip=94.31.85.185&port=80&_csrf=EFBelgoZiZnTbWVP-d8UG5SwY7QSatctZth6hVcT1jU'
• grep -q 'open'
• rm /tmp/user/0/tmp.CEaXH8a3jO
• echo closed closed
• is_port_open 8484
• local port=8484
• local public_ip ++ curl -m4 -4 https://icanhazip.com
• public_ip=94.31.85.185 ++ mktemp
• local tmp_file=/tmp/user/0/tmp.FOK2h7Jq2U ++ wget -T2 -t1 -qO- --keep-session-cookies --save-cookies /tmp/user/0/tmp.FOK2h7Jq2U https://portchecker.co ++ grep -oP '_csrf" value="\K.*"'
• local 'token=Z0e-nNeNNnCqehAjQQQrKwNekMIwhApqwmEK2_slcdI"'
• [[ Z0e-nNeNNnCqehAjQQQrKwNekMIwhApqwmEK2_slcdI" != '' ]]
• wget -T2 -t1 -qO- --load-cookies /tmp/user/0/tmp.FOK2h7Jq2U https://portchecker.co --post-data 'target_ip=94.31.85.185&port=8484&_csrf=Z0e-nNeNNnCqehAjQQQrKwNekMIwhApqwmEK2_slcdI'
• grep -q 'open'
• rm /tmp/user/0/tmp.FOK2h7Jq2U
• echo closed closed

The webpage:4443 :

[nachoparker]

thank you, let's do something else so I can see the complete output

sudo su
ncp-update devel
source /usr/local/etc/library.sh 
set -x
is_port_open 80
is_port_open 8484

[ghost]

Here is the oiutput;

INFO: updating to development branch 'devel' Downloading updates Performing updates No such app enabled: updatenotification Running nc-notify-updates update web notifications enabled Installing nc-backup OK:1 http://archive.raspberrypi.org/debian buster InRelease OK:2 http://ftp.de.debian.org/debian buster InRelease Holen:3 http://ftp.de.debian.org/debian-security buster/updates InRelease [65,4 kB] OK:4 https://packages.cisofy.com/community/lynis/deb stable InRelease Holen:5 http://ftp.de.debian.org/debian buster-updates InRelease [51,9 kB] Holen:6 http://ftp.de.debian.org/debian buster-proposed-updates InRelease [54,5 kB] Ign:7 http://download.webmin.com/download/repository sarge InRelease Holen:8 http://deb.debian.org/debian buster-backports InRelease [46,7 kB] OK:9 http://download.webmin.com/download/repository sarge Release Holen:10 http://ftp.de.debian.org/debian-security buster/updates/main arm64 Packages [301 kB] Holen:11 http://ftp.de.debian.org/debian-security buster/updates/main armhf Packages [300 kB] Holen:13 http://deb.debian.org/debian buster-backports/main armhf Packages [476 kB] Holen:14 http://deb.debian.org/debian buster-backports/main arm64 Packages [481 kB] Holen:15 http://deb.debian.org/debian buster-backports/main Translation-en [408 kB] Es wurden 2.185 kB in 3 s geholt (646 kB/s). Paketlisten werden gelesen... Fertig Paketlisten werden gelesen... Fertig Abhängigkeitsbaum wird aufgebaut. Statusinformationen werden eingelesen.... Fertig pigz ist schon die neueste Version (2.4-1). 0 aktualisiert, 0 neu installiert, 0 zu entfernen und 1 nicht aktualisiert. Running nc-autoupdate-nc automatic Nextcloud updates enabled NextCloudPi updated to version v1.41.2

• is_port_open 80
• local port=80
• local public_ip ++ curl -m4 -4 https://icanhazip.com
• public_ip=94.31.85.185 ++ mktemp
• local tmp_file=/tmp/user/0/tmp.eBhdGh3g7M ++ wget -T2 -t1 -qO- --keep-session-cookies --save-cookies /tmp/user/0/tmp.eBhdGh3g7M https://portchecker.co ++ grep -oP '_csrf" value="\K.*"'
• local 'token=QElLsQ1qwRbUnupFqxMMJmVmAlMy8yfcR-NMIYYAeBg"'
• [[ QElLsQ1qwRbUnupFqxMMJmVmAlMy8yfcR-NMIYYAeBg" != '' ]]

• wget -T2 -t1 -qO- --load-cookies /tmp/user/0/tmp.eBhdGh3g7M https://portchecker.co --post-data 'target_ip=94.31.85.185&port=80&_csrf=QElLsQ1qwRbUnupFqxMMJmVmAlMy8yfcR-NMIYYAeBg' <!DOCTYPE html>

  • 

  • Free DNS
  • Email Checker
  • Show My IP
  • Port Scanner

  Port Checker

  Check for open ports and verify port forwarding setup on your router.

  Your IP Address

  Use Current IP

  Port Number

  FTP - 21 SSH - 22 SMTP - 25 DNS - 53 HTTP - 80 POP3 - 110 IMAP - 143 IRC - 194 HTTPS - 443 SMTPS - 445 RSYNC - 873 MySQL - 3306 Remote Desktop - 3389 PC Anywhere - 5631 VNC - 5900 Redis - 6379 Memcached - 11211 Minecraft - 25565

  Check

  Port 80 is closed.

  What is Port Checker ?

  Port Checker is a simple and free online tool for checking open ports on your computer/device, often useful in testing port forwarding settings on a router. For instance, if you're facing connection issues with a program (email, IM client etc) then it may be possible that the port required by the application is getting blocked by your router's firewall or your ISP. In such cases, this tool might help you in diagnosing any problem with firewall setup. You could also find this useful for security purpose, in case you're not sure whether a particular port is open or closed. If you host and play games like Minecraft, use this checker to make sure the server port(25565) is configured properly for port forwarding, then only your friends will be able to connect to your server.

  Most Commonly Used Ports

  Port numbers ranges from 1 to 65535, out of which well known ports are pre-defined as convention by IANA.

  • 0-1023 - Well known ports (HTTP, SMTP, DHCP, FTP etc)
  • 1024-49151 - Reserved Ports
  • 49152-65535 - Dynamic/Private Ports

  Well known ports

  • 20 & 21 - FTP (File Transfer Protocol)
  • 22 - SSH (Secure Shell)
  • 23 - Telnet, a Remote Login Service
  • 25 - SMTP (Simple Mail Transfer Protocol)
  • 53 - DNS (Domain Name System)
  • 80 - HTTP (Hypertext Transfer Protocol)
  • 110 - POP3 (Post Office Protocol 3)
  • 115 - SFTP (Secure File Transfer Protocol)
  • 123 - NTP (Network Time Protocol)
  • 143 - IMAP (Internet Message Access Protocol)
  • 161 - SNMP (Simple Network Management Protocol
  • 194 - IRC (Internet Relay Chat)
  • 443 - SSL / HTTPS (Hypertext Transfer Protocol Secure)
  • 445 - SMB
  • 465 - SMTPS (Simple Mail Transfer Protocol over SSL)
  • 554 - RTSP (Real Time Stream Control Protocol)
  • 873 - RSYNC (RSYNC File Transfer Services)
  • 993 - IMAPS (Internet Message Access Protocol over SSL)
  • 995 - POP3S (Post Office Protocol 3 over SSL)
  • 3389 - RDP (Remote Desktop Protocol)
  • 5631 - PC Anywhere
  • 3306 - MySQL
  • 5432 - PostgreSQL
  • 5900 - VNC
  • 6379 - Redis
  • 11211 - Memcached
  • 25565- Minecraft

  If you're looking for a full list of port numbers check out this wikipedia page. I've listed all the common ports above, feel free to enter any custom port number to check. By default, this site is taking your device's IP address as target ip address (the device through which you're visiting this web page), but you can change the IP input field to check for other IP addresses - remote clients and servers as well. But, please don't misuse this option otherwise, I would have to restrict the IP address to source again (as I had done earlier). Please keep in mind that if you're using a VPN or proxy server then it may not be able to get your device's IP correctly.

  Understanding Port Forwarding

  Port forwarding or port mapping involves translating the address (or port number to a new destination), accepting the packets and forwarding it (using routing table). It's typically used in connecting remote computers to specific programs running on computer (in a private LAN (Local Area Network)). For example : running a public server (HTTP, port 80) on a computer in a private LAN or granting SSH access to a specific computer in a private LAN etc. Read More on Wikipedia.

  Share on : Twitter Facebook

  If you've any feedback/suggestion for this website, please let me know.

  
  
  

  © 2020 PortChecker.co | Privacy Policy

  • Show My IP
  • Unscramble Words
  • Contact
• rm /tmp/user/0/tmp.eBhdGh3g7M
• is_port_open 8484
• local port=8484
• local public_ip ++ curl -m4 -4 https://icanhazip.com
• public_ip=94.31.85.185 ++ mktemp
• local tmp_file=/tmp/user/0/tmp.jAQlUVEXBO ++ wget -T2 -t1 -qO- --keep-session-cookies --save-cookies /tmp/user/0/tmp.jAQlUVEXBO https://portchecker.co ++ grep -oP '_csrf" value="\K.*"'
• local 'token=SZYOWiiF4oMc9-tUXyYRRLAtWEWjQ8ocvBFCMl68eP0"'
• [[ SZYOWiiF4oMc9-tUXyYRRLAtWEWjQ8ocvBFCMl68eP0" != '' ]]

• wget -T2 -t1 -qO- --load-cookies /tmp/user/0/tmp.jAQlUVEXBO https://portchecker.co --post-data 'target_ip=94.31.85.185&port=8484&_csrf=SZYOWiiF4oMc9-tUXyYRRLAtWEWjQ8ocvBFCMl68eP0' <!DOCTYPE html>

  • 

  • Free DNS
  • Email Checker
  • Show My IP
  • Port Scanner

  Port Checker

  Check for open ports and verify port forwarding setup on your router.

  Your IP Address

  Use Current IP

  Port Number

  FTP - 21 SSH - 22 SMTP - 25 DNS - 53 HTTP - 80 POP3 - 110 IMAP - 143 IRC - 194 HTTPS - 443 SMTPS - 445 RSYNC - 873 MySQL - 3306 Remote Desktop - 3389 PC Anywhere - 5631 VNC - 5900 Redis - 6379 Memcached - 11211 Minecraft - 25565

  Check

  Port 8484 is closed.

  What is Port Checker ?

  Port Checker is a simple and free online tool for checking open ports on your computer/device, often useful in testing port forwarding settings on a router. For instance, if you're facing connection issues with a program (email, IM client etc) then it may be possible that the port required by the application is getting blocked by your router's firewall or your ISP. In such cases, this tool might help you in diagnosing any problem with firewall setup. You could also find this useful for security purpose, in case you're not sure whether a particular port is open or closed. If you host and play games like Minecraft, use this checker to make sure the server port(25565) is configured properly for port forwarding, then only your friends will be able to connect to your server.

  Most Commonly Used Ports

  Port numbers ranges from 1 to 65535, out of which well known ports are pre-defined as convention by IANA.

  • 0-1023 - Well known ports (HTTP, SMTP, DHCP, FTP etc)
  • 1024-49151 - Reserved Ports
  • 49152-65535 - Dynamic/Private Ports

  Well known ports

  • 20 & 21 - FTP (File Transfer Protocol)
  • 22 - SSH (Secure Shell)
  • 23 - Telnet, a Remote Login Service
  • 25 - SMTP (Simple Mail Transfer Protocol)
  • 53 - DNS (Domain Name System)
  • 80 - HTTP (Hypertext Transfer Protocol)
  • 110 - POP3 (Post Office Protocol 3)
  • 115 - SFTP (Secure File Transfer Protocol)
  • 123 - NTP (Network Time Protocol)
  • 143 - IMAP (Internet Message Access Protocol)
  • 161 - SNMP (Simple Network Management Protocol
  • 194 - IRC (Internet Relay Chat)
  • 443 - SSL / HTTPS (Hypertext Transfer Protocol Secure)
  • 445 - SMB
  • 465 - SMTPS (Simple Mail Transfer Protocol over SSL)
  • 554 - RTSP (Real Time Stream Control Protocol)
  • 873 - RSYNC (RSYNC File Transfer Services)
  • 993 - IMAPS (Internet Message Access Protocol over SSL)
  • 995 - POP3S (Post Office Protocol 3 over SSL)
  • 3389 - RDP (Remote Desktop Protocol)
  • 5631 - PC Anywhere
  • 3306 - MySQL
  • 5432 - PostgreSQL
  • 5900 - VNC
  • 6379 - Redis
  • 11211 - Memcached
  • 25565- Minecraft

  If you're looking for a full list of port numbers check out this wikipedia page. I've listed all the common ports above, feel free to enter any custom port number to check. By default, this site is taking your device's IP address as target ip address (the device through which you're visiting this web page), but you can change the IP input field to check for other IP addresses - remote clients and servers as well. But, please don't misuse this option otherwise, I would have to restrict the IP address to source again (as I had done earlier). Please keep in mind that if you're using a VPN or proxy server then it may not be able to get your device's IP correctly.

  Understanding Port Forwarding

  Port forwarding or port mapping involves translating the address (or port number to a new destination), accepting the packets and forwarding it (using routing table). It's typically used in connecting remote computers to specific programs running on computer (in a private LAN (Local Area Network)). For example : running a public server (HTTP, port 80) on a computer in a private LAN or granting SSH access to a specific computer in a private LAN etc. Read More on Wikipedia.

  Share on : Twitter Facebook

  If you've any feedback/suggestion for this website, please let me know.

  
  
  

  © 2020 PortChecker.co | Privacy Policy

  • Show My IP
  • Unscramble Words
  • Contact
• rm /tmp/user/0/tmp.jAQlUVEXBO

---

Notice: When I change manually curl -m4 -4 https://icanhazip.com to curl -m4 -6 https://icanhazip.com

in the library it is working. IPlease: I don't wont' to publish my IPV6 here. Thank you.

[nachoparker]

thanks, interesting. We added the -4 for dual stack. How about just removing the parameter altogether? does that work?

[ghost]

yes. curl -m4 -4 https://icanhazip.com -> returns the unreachable shared DSlite-IPv4-Adress of my pi curl -m4 -6 https://icanhazip.com -> returns the reachable IPv6-Adress of my pi curl -m4 https://icanhazip.com -> returns the reachable IPv6-Adress of my pi

Maybe it is useful to check for IPv6-adresses in a additional step, if the check for IPv4 ends up with CLOSED:

IPv6=$(ip -6 addr|awk '{print $2}'|grep -P '^(?!fe80)(?!fd00)[[:alnum:]]{4}:.*/64'|cut -d '/' -f1) if [[ -n "$IPv6" ]] then ... curl -m4 -6 https://icanhazip.com ... fi

[nachoparker]

exactly my thought. Please try again

sudo su
ncp-update devel
source /usr/local/etc/library.sh 
set -x
is_port_open 80
is_port_open 8484

[ghost]

INFO: updating to development branch 'devel' Downloading updates Performing updates No such app enabled: updatenotification Running nc-notify-updates update web notifications enabled Installing nc-backup OK:1 http://archive.raspberrypi.org/debian buster InRelease Holen:2 http://deb.debian.org/debian buster-backports InRelease [46,7 kB] OK:3 http://ftp.de.debian.org/debian buster InRelease OK:4 http://ftp.de.debian.org/debian-security buster/updates InRelease Holen:5 http://ftp.de.debian.org/debian buster-updates InRelease [51,9 kB] OK:6 https://packages.cisofy.com/community/lynis/deb stable InRelease Holen:7 http://ftp.de.debian.org/debian buster-proposed-updates InRelease [54,5 kB] Ign:8 http://download.webmin.com/download/repository sarge InRelease OK:9 http://download.webmin.com/download/repository sarge Release Es wurden 153 kB in 2 s geholt (67,9 kB/s). Paketlisten werden gelesen... Fertig Paketlisten werden gelesen... Fertig Abhängigkeitsbaum wird aufgebaut. Statusinformationen werden eingelesen.... Fertig pigz ist schon die neueste Version (2.4-1). 0 aktualisiert, 0 neu installiert, 0 zu entfernen und 0 nicht aktualisiert. Running nc-autoupdate-nc automatic Nextcloud updates enabled NextCloudPi updated to version v1.41.7

• is_port_open 80
• local port=80
• local public_ip ++ curl -m4 -4 https://icanhazip.com
• public_ip=94.31.85.185
• [[ 94.31.85.185 == '' ]] ++ mktemp
• local tmp_file=/tmp/user/0/tmp.XJgbQ8oDlU ++ wget -T2 -t1 -qO- --keep-session-cookies --save-cookies /tmp/user/0/tmp.XJgbQ8oDlU https://portchecker.co ++ grep -oP '_csrf" value="\K.*"'
• local 'token=NqHIpSx5IBfc7J4SyUYMAfmBFFdKe9gC6yTTLG115wM"'
• [[ NqHIpSx5IBfc7J4SyUYMAfmBFFdKe9gC6yTTLG115wM" != '' ]]
• wget -T2 -t1 -qO- --load-cookies /tmp/user/0/tmp.XJgbQ8oDlU https://portchecker.co --post-data 'target_ip=94.31.85.185&port=80&_csrf=NqHIpSx5IBfc7J4SyUYMAfmBFFdKe9gC6yTTLG115wM'
• grep -q 'open'
• rm /tmp/user/0/tmp.XJgbQ8oDlU
• is_port_open 8484
• local port=8484
• local public_ip ++ curl -m4 -4 https://icanhazip.com
• public_ip=94.31.85.185
• [[ 94.31.85.185 == '' ]] ++ mktemp
• local tmp_file=/tmp/user/0/tmp.1VrEjburyX ++ wget -T2 -t1 -qO- --keep-session-cookies --save-cookies /tmp/user/0/tmp.1VrEjburyX https://portchecker.co ++ grep -oP '_csrf" value="\K.*"'
• local 'token=CwAvtHpdEh10bPNhouhhVQzF3nTcdG60kbTN6AroNs8"'
• [[ CwAvtHpdEh10bPNhouhhVQzF3nTcdG60kbTN6AroNs8" != '' ]]
• wget -T2 -t1 -qO- --load-cookies /tmp/user/0/tmp.1VrEjburyX https://portchecker.co --post-data 'target_ip=94.31.85.185&port=8484&_csrf=CwAvtHpdEh10bPNhouhhVQzF3nTcdG60kbTN6AroNs8'
• grep -q 'open'
• rm /tmp/user/0/tmp.1VrEjburyX

My thought - in the case of "closed" - to check by IPv6, seems to have a hook, because apparently the global, shared IPv4 can be reached on all ports, but actually there is no forwarding to the PI, but only over the IPv6 address. Totally chaotic gets the thing when taken into account that the determined IPv4 is not even the "public" CGNAT address of the Fritzbox itself. Here are obviously other "translations" take place.

Here is a look https://www.msxfaq.de/netzwerk/grundlagen/ggnat.htm helpful. Unfortunately in German.

The IPv4 94.31.85,185 determined by CURL doesn't appears in any Traceroute. It is a fantasy no. It is not from the CGNAT range 100.64.0.0 to 100.127.255.255. The sensitive force in terms of open / closed so little convenient. At the moment I only see the option to check the determined IPv4 for validity (CGNAT detection, etc.), which would make the process very expensive. I do not know a general solution for that.

Maybe it would be useful to perform the Portcheck generally via IPv4 and IPv6 and supplement the information on the status page

Portcheck 80 IPv4 (94.31.85.185) -> Open IPv6 (....) -> Open Portcheck 443 IPv4 (94.31.85.185) -> Open IPv6 (....) -> Open

The user would have to / could then decide even because of the knowledge of his situation, whether the result has enough for him.

[nachoparker]

well, if the user is behind CGNAT there is no chance to be reached from the outside, so I think this is good enough.

Many thanks for the help!