it would be good it you provided screenshot on gui or copy-paste from CLI about things you did to see where, how and what you have changed.
Btw have you checked your firewall config on open ports?
First, the emulated service runs on some other port (it is a port higher by 1369 than the real port by default – if telnet is port 23, the emulated one listens on port 1392)
That’s why you can have real service running on those ports while having minipot active. In fact minipot ports are not open on firewall, you won’t find any firewall rules related in Luci overview. Turris decides if the traffic will go to firewall or to honeypot service.
Also minipot is not only service using 23,80,8080 (capturing attacker’s comands). Same ports are also used by Ludus (inspecting packets).
|[2020/01/31 10:21:34.114333]|Ludus system started.|
|[2020/01/31 10:21:36.922456]|Opening honeypots in ports: [(‘tcp’, 80)]|
I do not know why there is only port 80, sometimes i see 8080 or/and 23 as well. TBH: i am not sure, what is “wanted” state. All ports “open” in both service, or just in one or the other?