Firewall not blocking port access?
-
The only port forwarding I have open is to 192.168.3.12. I do have port 80 and port 443 forwarded to 192.168.3.12. What I am not understanding is how I am even seeing anything going to 192.168.3.2? I would think the firewall would block that. I have nothing at 192.168.3.2.
-
@xokia Those would be responses from the web server to that device.
-
Where do you have Suricata running: WAN or LAN interface?
If WAN, Suricata sits out in front of the firewall and thus sees inbound traffic before any firewall rules have been applied. This is one reason I recommend running Suricata on internal interfaces and not on the WAN. It will be checking and blocking traffic the subsequent firewall rules are going to block anyway, so you are doing double work for no benefit. Check out these diagrams to see how Suricata is plumbed in pfSense:
-
I have Snort running on my local LAN.
This is actually a derp moment. I had assigned a static IP to my local desktop because I was accessing a new managed switch I purchased, to set the switch up for my network. I forgot to switch the desktop IP back. So while I was saying nothing existed at 192.168.3.2, it was actually the machine I was using to access everything. So, false alarm.