Netgate Discussion Forum
    Pfsense open ports [SOLVED]

2.0-RC Snapshot Feedback and Problems - RETIRED
    47 Posts 4 Posters 65.1k Views
• vorgusa

Here is that file:

rules.txt

• jimp (Rebel Alliance Developer, Netgate)

pass  in  quick  on $WAN reply-to ( re0 x.x.x.x )  proto TCP  from any to x.x.x.x keep state  label "USER_RULE: OpenVPN Home wizard"

There is no port on that rule for OpenVPN - so it's letting all TCP traffic in to your WAN IP.

Did you alter that rule?

Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

Need help fast? Netgate Global Support!

Do not Chat/PM for help!

• vorgusa

Nope, I did not; both times I just let the wizard create the rule (USER_RULE: OpenVPN Home wizard) and did not alter it. I will check on it when I get home.

• vorgusa

The screenshot I posted of my rules page clearly has port 443 on it beforehand. That would be the port you were talking about in the previous line? Why would the port be listed there but not in the rules.debug?

• jimp (Rebel Alliance Developer, Netgate)

OK, edit and save your OpenVPN rule and see if that fixes it. Make sure to re-select UDP as the protocol if it's supposed to be UDP and not TCP.

I fixed a bug with the wizard earlier today that was apparently causing this to happen, too.

The protocol (TCP or UDP) was getting into the rule as upper case, not lower case, and the port was being left off because it didn't match "tcp" or "udp".

Anyone on a new snap should be OK though. At least the next new one.

• vorgusa

Just attached part of the config.xml (/cf/conf/config.xml). If I change the 3rd one to match the other two and then restart my box, would that fix the problem?

rules.txt

• vorgusa

I am using TCP, and I just upgraded to the newer snapshot a little while ago hoping it would fix the problem, but I guess we nailed it down to that rule.

• jimp (Rebel Alliance Developer, Netgate)

Just edit and save the rule - no need to alter config.xml.

The problem is this:

<protocol>TCP</protocol>

Needs to be:

<protocol>tcp</protocol>

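An added illustration of the mechanism jimp describes (example code, not pfSense's own PHP): a rule generator that only emits the destination port when the protocol string is exactly "tcp" or "udp", the same generator with the protocol normalized first, and an audit over the resulting pf lines that flags WAN pass rules with no port, the check one would run against rules.debug. The config.xml fragment is constructed, and `parse_rules`, `render_rule` and `wide_open` are hypothetical helpers.

```python
"""Added illustration (not pfSense code) of the wizard bug from this thread:
a <protocol> stored as "TCP" made the rule generator skip the destination
port, so the generated pf rule passed all TCP traffic to the WAN IP."""
import re
import xml.etree.ElementTree as ET

# Constructed config.xml fragment (hypothetical, not the thread's attachment):
# the second rule carries the upper-case protocol the wizard wrote.
CONFIG_XML = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><protocol>udp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>1194</port></destination>
    <descr>OpenVPN Home wizard</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>TCP</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>443</port></destination>
    <descr>OpenVPN Home wizard</descr></rule>
</filter></pfsense>"""

def parse_rules(xml_text):
    """Pull the fields the generator needs out of each <filter><rule>."""
    return [{
        "protocol": r.findtext("protocol") or "",
        "port": r.findtext("destination/port"),
        "descr": r.findtext("descr") or "",
    } for r in ET.fromstring(xml_text).iter("rule")]

def render_rule(rule, wan_ip="x.x.x.x", fixed=True):
    """Render a pf 'pass in' line. With fixed=False the port clause is only
    emitted when the protocol is exactly "tcp" or "udp", reproducing the
    case-sensitive comparison; fixed=True lower-cases the protocol first."""
    proto = rule["protocol"].lower() if fixed else rule["protocol"]
    line = f"pass in quick on $WAN proto {proto} from any to {wan_ip}"
    if rule["port"] and proto in ("tcp", "udp"):
        line += f" port {rule['port']}"
    return line + f' keep state label "USER_RULE: {rule["descr"]}"'

TCP_UDP = re.compile(r"\bproto\s+(tcp|udp)\b", re.IGNORECASE)
PORT = re.compile(r"\bport\s+\S+")

def wide_open(pf_lines):
    """Return WAN 'pass in' tcp/udp lines that carry no port restriction,
    i.e. what a reviewer of rules.debug would want flagged."""
    return [l for l in pf_lines if l.startswith("pass in") and "$WAN" in l
            and TCP_UDP.search(l) and not PORT.search(l)]

if __name__ == "__main__":
    rules = parse_rules(CONFIG_XML)
    for line in wide_open([render_rule(r, fixed=False) for r in rules]):
        print("WIDE OPEN:", line)
```

Running it prints only the TCP rule, which lost its port 443 exactly as the rule quoted earlier in the thread did; re-rendering with `fixed=True` yields no findings.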
• vorgusa

:( Can't get into the web interface now. Guessing that's a good thing since it's open to the world, lol

• vorgusa

Hmmm, ok, so where can I edit and save the rule? Is the rules.debug file going to be persistent?

• jimp (Rebel Alliance Developer, Netgate)

Edit the OpenVPN rule on Firewall > Rules on the WAN tab - edit that, save, and it should fix itself.

Or update once the next snapshot uploads; I committed a couple of different protections against this.

• vorgusa

Worked like a charm. I got someone to run nmap on the IP and the firewall is back up. Thanks for your help! Did you guys find a bug in the wizard?

• jimp (Rebel Alliance Developer, Netgate)

Yeah, it was a problem in the wizard:

https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/6be90004d477bd74c5610ae341aae3ae9fcc9281

But I added some extra protection so that on future snapshots even people who have the 'bad' rules won't be harmed by it:
https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/06b3df52262764723289a3ac65c3a7c05a8a8f4c
https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/7ec0e6e2f5206d750a6c00d598700836a57d056f

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.