Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    (2.0.3) Shouldn't my ports be 'stealth'?

    Scheduled Pinned Locked Moved Firewalling
    19 Posts 8 Posters 10.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mr_bobo
      last edited by

      @Hollander:

      Which leaves me with why it does show all these open ports when I use internet test sites.

      Nmap online scan

      1 Reply Last reply Reply Quote 0
      • chpalmerC
        chpalmer
        last edited by

        @Hollander:

        @chpalmer:

        X2

        ???

        ( ;D)

        Means me also.  I tend to agree with your theory.  When I check against GRC (which I tend to believe spreads a little FUD around) I get everything except the one port I have open as invisible.

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • R
          razzfazz
          last edited by

          @Hollander:

          Which leaves me with why it does show all these open ports when I use internet test sites.

          What open ports? Your earlier screen shot shows everything either as "stealth" or "closed" (i.e., "drop" or "reject" in terms of pf rules). Neither of these are harmful or dangerous.

          The closed ports that you're seeing are most likely ports that are filtered by your ISP; i.e., they get rejected upstream from you, and requests for them never even get to your box.

          1 Reply Last reply Reply Quote 0
          • P
            PhoenixOrion
            last edited by

            I am having the same problem but. With some of the ports not stealthed. When I am connected through pfsense on the WAN with dhcp all is stealthed. Which is what I want. But I use a vpn service, to share anonymous internet with the whole house and have pfsense connect as a client on openvpn. When it is connected as a client I get about 10 ports that are closed but not stealthed and am wondering what I can do to get them to stealth. I can also vpn directly from my computer not the pfsense box and all is stealthed with comodo firewall so not sure where these closed ports are coming from. But I do have a Wireless linksys router in between the pfsense box and my computer. I haven't tested it for a while but I believe all ports on it should be stealthed it is running ddwrt. Any help I would appreciate as well.

            1 Reply Last reply Reply Quote 0
            • C
              cmb
              last edited by

              as long as you haven't added any reject rules, you're either open or "stealth" or something other than the firewall is responding. When it's a small number of ports, it's almost certainly because the ISP (or VPN provider in that case) is doing blocking.

              1 Reply Last reply Reply Quote 0
              • P
                PhoenixOrion
                last edited by

                @cmb:

                as long as you haven't added any reject rules, you're either open or "stealth" or something other than the firewall is responding. When it's a small number of ports, it's almost certainly because the ISP (or VPN provider in that case) is doing blocking.

                It is vpn checked with openvpn connection and it is them. If I connect sstp,pptp or l2tp they are stealthed but their openvpn is not fully stealthed? For my vpn provider. All this time pulling out my hair unless it is a openvpn problem not sure yet.

                1 Reply Last reply Reply Quote 0
                • M
                  Mr. Jingles
                  last edited by

                  Hmmm, sorry if I may come back at this again  :-X

                  I ran the test at grc.com again, but the funny thing is: the ports that grc.com shows as 'closed' but not 'stealth' (I take it this is 'reject' versus 'drop') are the ports that also do not show in Status/System logs/Firewall. For example, you see 'port 992' is 'closed' but not 'stealth' in the first screenshot, and in the firewall log you see no port 992 blocked (second screenshot).

                  So this would then mean that PFS isn't blocking that since it never reaches PFS since my ISP is already blocking that?

                  grc.jpg
                  grc.jpg_thumb

                  6 and a half billion people know that they are stupid, agressive, lower life forms.

                  1 Reply Last reply Reply Quote 0
                  • M
                    Mr. Jingles
                    last edited by

                    Still only one screenshot at a time to be posted  :P Here is number 2:

                    2013-07-07_194752.jpg
                    2013-07-07_194752.jpg_thumb

                    6 and a half billion people know that they are stupid, agressive, lower life forms.

                    1 Reply Last reply Reply Quote 0
                    • M
                      Mr. Jingles
                      last edited by

                      @mr_bobo:

                      @Hollander:

                      Which leaves me with why it does show all these open ports when I use internet test sites.

                      Nmap online scan

                      Thank you very much for this link  ;D

                      That links shows the first 5000 ports all filtered. So this might confirm what I wrote right before this reply, I think.

                      6 and a half billion people know that they are stupid, agressive, lower life forms.

                      1 Reply Last reply Reply Quote 0
                      • chpalmerC
                        chpalmer
                        last edited by

                        Good bedtime reading-

                        http://cable-dsl.navasgroup.com/#CheckSecurity

                        http://web.archive.org/web/20060215171504/http://blog.netwarriors.org/articles/2003/11/11/shieldsup-analyzed

                        and all this if you really have allot of time on your hands-

                        http://web.archive.org/web/20060204120906/http://www.grcsucks.com/

                        Im not posting this to flame but to educate on some past "disagreements" in the online security field.

                        Take it all with a grain of salt!

                        Triggering snowflakes one by one..
                        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                        1 Reply Last reply Reply Quote 0
                        • M
                          Mr. Jingles
                          last edited by

                          @chpalmer:

                          Good bedtime reading-

                          http://cable-dsl.navasgroup.com/#CheckSecurity

                          http://web.archive.org/web/20060215171504/http://blog.netwarriors.org/articles/2003/11/11/shieldsup-analyzed

                          and all this if you really have allot of time on your hands-

                          http://web.archive.org/web/20060204120906/http://www.grcsucks.com/

                          Im not posting this to flame but to educate on some past "disagreements" in the online security field.

                          Take it all with a grain of salt!

                          :o

                          ???

                          :-X

                          :P

                          ;D

                          You sir, thank you very much for these links; that is a lot of reading to do, but I skimmed through some of them and it was like:  :o

                          Thank you  ;D

                          6 and a half billion people know that they are stupid, agressive, lower life forms.

                          1 Reply Last reply Reply Quote 0
                          • K
                            kejianshi
                            last edited by

                            How could anyone take GRCsucks as a flame job?  haha.

                            That said, a simple scan from their site comes up for me all ports stealth except the ports I opened purposefully.

                            All is well on my pfsense (except perhaps the holes I punched in the firewall myself)

                            Then again, I may be riddled with backdoor trojans…  Apparently hard to know from their results.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.