How can I find out why LAN device is accessible even though I have no WAN ports forwarded and UPnP is disabled?
-
I am using https://www.goodsync.com/. It uses UPnP to let me browse my computer's contents from their website (while not on my LAN).
The thing is, UPnP is disabled on my pfSense box. And yet I can still browse the files on my computer from the GS website while not on my LAN.
I installed GS on two VMs (that are getting IPs from pfs) and was able to access their files from the GS website. Very odd.
How can I track down what is going on?
-
@imthenachoman If software is installed, typically that would connect out to the service. No port forwarding needed. Same way many remote control programs work.
You could check Diagnostics/States for connections to/from the computers.
-
@steveits I don't follow. Once the app is running on my computer, I have to go to the GS website to initiate a connection to my computer. Wouldn't that need to come through the WAN port?
-
@imthenachoman Not if the software connects out to the service to check. We have an agent on all our clients’ PCs and because it checks in every few seconds we have almost immediate access, without any ports forwarded to each PC.
-
@imthenachoman said in How can I find out why LAN device is accessible even though I have no WAN ports forwarded and UPnP is disabled?:
I don't follow. Once the app is running on my computer,
Yes, you do.
You have already used TeamViewer once in your life, right? It's the same concept: the TeamViewer app has to be launched on the device on your LAN.
When you give someone on the phone the ID and password, that person, 'from the other end' and also using TeamViewer, can access your PC / desktop etc. just fine.
No NATted ports or UPnP needed, because the PC on the LAN opens a connection to a TeamViewer server.
These connections are data channels and are bidirectional. Once the connection is initiated from the PC LAN side, commands, traffic etc. can go both ways.
And even better: why do you see the Google page from the Google web server on your PC, in your browser?
Because your browser opened up a channel (TCP connection) to the Google web server, and asked it a question: "give me the / page".
The web server answered by returning the page content.
After it showed the page, the browser stops the connection.
-
@steveits said in How can I find out why LAN device is accessible even though I have no WAN ports forwarded and UPnP is disabled?:
@imthenachoman Not if the software connects out to the service to check. We have an agent on all our clients’ PCs and because it checks in every few seconds we have almost immediate access, without any ports forwarded to each PC.
Ah. I see. Thank you!
@gertjan said in How can I find out why LAN device is accessible even though I have no WAN ports forwarded and UPnP is disabled?:
@imthenachoman said in How can I find out why LAN device is accessible even though I have no WAN ports forwarded and UPnP is disabled?:
I don't follow. Once the app is running on my computer,
Yes, you do.
You have already used TeamViewer once in your life, right? It's the same concept: the TeamViewer app has to be launched on the device on your LAN.
When you give someone on the phone the ID and password, that person, 'from the other end' and also using TeamViewer, can access your PC / desktop etc. just fine.
No NATted ports or UPnP needed, because the PC on the LAN opens a connection to a TeamViewer server.
These connections are data channels and are bidirectional. Once the connection is initiated from the PC LAN side, commands, traffic etc. can go both ways.
And even better: why do you see the Google page from the Google web server on your PC, in your browser?
Because your browser opened up a channel (TCP connection) to the Google web server, and asked it a question: "give me the / page".
The web server answered by returning the page content.
After it showed the page, the browser stops the connection.
I get that now. I didn't realize this is how it might work. Thank you.
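Added example (not from any poster in this thread): one way to follow the Diagnostics/States suggestion from a shell is to filter the state table for established TCP sessions that LAN hosts opened to outside addresses, which is where an agent's check-in connection shows up. It assumes the IPv4 line layout of `pfctl -ss`, a LAN of 192.168.1.0/24, and uses constructed sample lines with documentation addresses.

```python
import ipaddress
import re
import sys
from collections import defaultdict

# Constructed sample in the style of `pfctl -ss` output (assumed layout).
SAMPLE_STATES = """\
igb1 tcp 203.0.113.50:443 <- 192.168.1.20:51544       ESTABLISHED:ESTABLISHED
igb0 tcp 198.51.100.7:18233 (192.168.1.20:51544) -> 203.0.113.50:443       ESTABLISHED:ESTABLISHED
igb1 tcp 203.0.113.80:80 <- 192.168.1.20:51600       FIN_WAIT_2:FIN_WAIT_2
igb1 udp 192.168.1.1:53 <- 192.168.1.21:40000       SINGLE:MULTIPLE
igb1 tcp 203.0.113.50:443 <- 192.168.1.21:49822       ESTABLISHED:ESTABLISHED
"""

LINE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<a>\S+)"
    r"(?:\s+\((?P<nat>\S+)\))?\s+(?P<dir><-|->)\s+(?P<b>\S+)\s+(?P<state>\S+)"
)

def outbound_sessions(text, lan="192.168.1.0/24"):
    """Map each LAN host to the outside ip:port endpoints it holds open."""
    lan_net = ipaddress.ip_network(lan)
    found = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["proto"] != "tcp" or m["state"] != "ESTABLISHED:ESTABLISHED":
            continue
        # "dst <- src": packet entered on this interface; "src -> dst": it left.
        # On a NATed WAN state the original LAN source is the part in parentheses.
        if m["dir"] == "<-":
            src, dst = m["b"], m["a"]
        else:
            src, dst = m["nat"] or m["a"], m["b"]
        try:
            src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
            dst_ip = ipaddress.ip_address(dst.rsplit(":", 1)[0])
        except ValueError:
            continue  # IPv6 or unexpected endpoint format: outside this sketch
        if src_ip in lan_net and dst_ip not in lan_net:
            found[str(src_ip)].add(dst)  # set merges the LAN and WAN views
    return {host: sorted(peers) for host, peers in found.items()}

if __name__ == "__main__":
    # Pipe real output in (pfctl -ss | python3 this_file.py) or run bare for the sample.
    data = SAMPLE_STATES if sys.stdin.isatty() else sys.stdin.read()
    for host, peers in sorted(outbound_sessions(data).items()):
        print(host, "->", ", ".join(peers))
```

A long-lived ESTABLISHED entry from a LAN host to the same outside endpoint is the outbound channel the replies describe; no inbound rule or UPnP mapping is involved.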