WAN interface has ports 22 and 53 open
-
The WAN interface of my pfSense system has both port 22 and port 53 open and I do not know why. There are no rules allowing traffic on these ports but they accept traffic. My question is why are they open by default and is the only way to close them with explicit rules on the WAN interface?
-
I should have added that this is a Netgate 1100 and the version of pfSense is 24.03-RELEASE (arm64) built on Thu Aug 22 3:32:00 NZST 2024 FreeBSD 15.0-CURRENT.
-
Port 22 is for SSH
Port 53 is for DNS
pfSense doesn't open those by default. Are you sure it is pfSense? Some ISP modems have ports open for remote access/configuration, which might be what you are seeing.
Run test here. Shields Up!
Example, ATT upgraded me to a Pace 5268, which had port 22 open. I sent it back and reinstalled my old NVG599
-
@elvisimprsntr The WAN interface does obtain its IP address from my ISP's device but would that open ports 22 and 53?
-
What scan method did you run to determine ports 22 and 53 are open? If you run an nmap scan from the LAN side, it will see ports 22 and 53 open, which is normal if you enabled SSH access and are running a DNS resolver/forwarder in pfSense.
As suggested, run the GRC Shields Up scan, which will scan for external open ports.
https://www.grc.com/x/ne.dll?bh0bkyd2
-
My pfSense firewall is behind a cable modem/"firewall" supplied by my ISP which is only open on the ports I opened. But I would still like to know why my pfSense has opened ports 22 and 53 on the WAN interface. I could explicitly block them, but I am interested as to why they are open and if it is something I have caused.
-
I determined this by running nmap against the external IP address
sudo nmap -P0 192.168.1.192
[sudo] password for jmb01:
Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-15 19:20 NZST
Nmap scan report for pfSense.hub (192.168.1.192)
Host is up (0.00069s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 4.75 seconds
-
Again, what method did you use to determine ports 22 and 53 are open?
Run the GRC Shields Up!
I can't help you otherwise.
-
If I run the same nmap against the internal address it tells me ports 22, 53, and 443 are open, which is what I expect.
-
Unfortunately GRC Shields Up! only "sees" the ISP provided modem/firewall
-
@jmb01 said in WAN interface has ports 22 and 53 open:
I determined this by running nmap against the external IP address
sudo nmap -P0 192.168.1.192
[sudo] password for jmb01:
Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-15 19:20 NZST
Nmap scan report for pfSense.hub (192.168.1.192)
Host is up (0.00069s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 4.75 seconds
That is because you are running nmap from the LAN side, which will see all the open ports on the LAN side.
Use the GRC Shields Up!
-
@jmb01 said in WAN interface has ports 22 and 53 open:
Unfortunately GRC Shields Up! only "sees" the ISP provided modem/firewall
That is what it is designed to do.
-
Or run nmap from a device connected to the ISP router so it's on the pfSense WAN subnet.
-
@elvisimprsntr said in WAN interface has ports 22 and 53 open:
ATT upgraded me to a Pace 5268, which had port 22 open. I sent it back and reinstalled my old NVG599
Christ.