Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WAN interface has ports 22 and 53 open

    Scheduled Pinned Locked Moved General pfSense Questions
    14 Posts 4 Posters 468 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jmb01 @elvisimprsntr
      last edited by

      @elvisimprsntr The WAN interface does obtain its IP address from my ISPs device but would that open ports 22 and 53?

      E 1 Reply Last reply Reply Quote 0
      • E
        elvisimprsntr @jmb01
        last edited by elvisimprsntr

        @jmb01

        What scan method did you run to determine ports 22 and 53 are open. If you run an nmap scan from the LAN side, it will see ports 22 and 53 open, which is normal if you enabled SSH access and are running a DNS resolver/forwarder in pfSense

        As suggested, run the GRC Shields Up scan, which will scan for external open ports.

        https://www.grc.com/x/ne.dll?bh0bkyd2

        1 Reply Last reply Reply Quote 0
        • J
          jmb01
          last edited by

          My pfSense firewall is behind a cable modem/"firewall" supplied by my ISP which is only open on the ports I opened. But I would still like to know why my pfSense has opened ports 22 and 53 on the WAN interface. I could explicitly block them, but I am interested as to why they are open and if it is something I have caused,

          E 1 Reply Last reply Reply Quote 0
          • J
            jmb01
            last edited by

            I determined this by running nmap against the external IP address
            sudo nmap -P0 192.168.1.192
            [sudo] password for jmb01:
            Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-15 19:20 NZST
            Nmap scan report for pfSense.hub (192.168.1.192)
            Host is up (0.00069s latency).
            Not shown: 996 filtered ports
            PORT STATE SERVICE
            22/tcp open ssh
            25/tcp open smtp
            53/tcp open domain
            443/tcp open https

            Nmap done: 1 IP address (1 host up) scanned in 4.75 seconds

            E 1 Reply Last reply Reply Quote 0
            • E
              elvisimprsntr @jmb01
              last edited by

              @jmb01

              Again, what method did you use to determine ports 22 and 53 are open?

              Run the GRC Shields Up!

              I can't help you otherwise.

              1 Reply Last reply Reply Quote 0
              • J
                jmb01
                last edited by

                If I run the same nmap against the internal address it tells me ports 22, 53, and 443 are open, which what I expect

                1 Reply Last reply Reply Quote 0
                • J
                  jmb01
                  last edited by

                  Unfortunately GRC Shields Up! only "sees" the ISP provided modem/firewall

                  E 1 Reply Last reply Reply Quote 0
                  • E
                    elvisimprsntr @jmb01
                    last edited by

                    @jmb01 said in WAN interface has ports 22 and 53 open:

                    I determined this by running nmap against the external IP address
                    sudo nmap -P0 192.168.1.192
                    [sudo] password for jmb01:
                    Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-15 19:20 NZST
                    Nmap scan report for pfSense.hub (192.168.1.192)
                    Host is up (0.00069s latency).
                    Not shown: 996 filtered ports
                    PORT STATE SERVICE
                    22/tcp open ssh
                    25/tcp open smtp
                    53/tcp open domain
                    443/tcp open https

                    Nmap done: 1 IP address (1 host up) scanned in 4.75 seconds

                    That is because you are running nmap from the LAN side, which will see all the open ports on the LAN side.

                    Use the GRC Shields Up!

                    1 Reply Last reply Reply Quote 0
                    • E
                      elvisimprsntr @jmb01
                      last edited by

                      @jmb01 said in WAN interface has ports 22 and 53 open:

                      Unfortunately GRC Shields Up! only "sees" the ISP provided modem/firewall

                      That is what it is designed to do.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Or run nmap from a device connected to the ISP router so it's on the pfSense WAN subnet.

                        1 Reply Last reply Reply Quote 0
                        • B
                          banalo @elvisimprsntr
                          last edited by

                          @elvisimprsntr said in WAN interface has ports 22 and 53 open:

                          ATT upgraded me to a Pace 5268, which had port 22 open. I sent it back and reinstalled my old NVG599

                          Christ.

                          1 Reply Last reply Reply Quote 1
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.