Portscanning pfSense running in VirtualBox

someperson472034 · Dec 21, 2013, 7:03 PM

Hi pfSense community,

I have setup a pfSense VirtualBox like so:

To explain what's going on here:
The router assigns the IP addresses 192.168.178.20 and 192.168.178.21 via DHCP to the Laptop and the VirtualBox pfSense.
I can reach the router (with 192.168.178.1) and the pfSense (with 192.168.56.11) from 192.168.178.20.
192.168.56.11 is the IP of the host-only adapter.

The problem:
My goal is to do simple nmap scans and ping tests from 192.168.178.1 to 192.168.178.21.

Doing nmap scans gave me the message, that all 1715 scanned ports on 192.168.178.21 were filtered.
Pinging the pfSense resulted in a 100% packet loss.

I guessed it had something to do with strict rules, so I tried removing firewall rules, NAT rules etc.
Still, it didn't work.

johnpoz · Dec 23, 2013, 3:08 AM

"My goal is to do simple nmap scans and ping tests from 192.168.178.1 to 192.168.178.21."

And what do you think would be open.. The default rules drop all unsolicited traffic to the wan.. So no shit ping is going to fail and every single port you scan is going to be juts dropped.

someperson472034 · Jan 2, 2014, 2:42 PM

Hey John,
sorry for the late answer.
First of all, I wish you kind of a late Merry Christmas and a Happy New Year.

And now back to topic.
You are right. After I disabled pretty much everything in relation to NAT and firewall rules, I additionally configured some port forwardings and was then able to ping the virtualized pfSense and do port scans.
This obviously defeats the purpose of those tests, because in a default configuration nobody would disable the firewall.

So I guess there is no way then to do these little tests, when it drops all input. Is this correct?
How would professional pentesters do this from a WAN side, then?

Do they try to run through known open ports and run exploits on them?

johnpoz · Jan 2, 2014, 6:24 PM

A pen test is to find out what is open, or vulnerable.

If you have no forwards there is not much open for them to test.. So a at a loss to the point of your question in the first place.

someperson472034 · Jan 2, 2014, 6:43 PM

@johnpoz:

If you have no forwards there is not much open for them to test.

Thanks for your answers. So by default no ports are open on the pfSense, right?

johnpoz · Jan 2, 2014, 6:59 PM

By default no there is NOTHING open to the wan interface.. What kind of firewall would it be if it allowed open ports to its public side by default? ;)

someperson472034 · Jan 2, 2014, 7:04 PM

Okay, thanks again! Thread solved.