    Port 443 open

Category: NAT
24 Posts 3 Posters 5.0k Views
muswellhillbilly

      The 404 error is obviously being generated by something. What is your network setup? Do you have a router between your pfSense machine and your ISP? Is the IP address you're trying to access external (I'm assuming so) or internal? A bit of info would go a long way - ideally a diagram of your internal network, your external connection and where your pfSense machine sits within them.

grasshopper645

        Sorry for lack of details, and thanks for your response.

        Network is:

        Internet > ADSL Modem > PFSense using PPPoE for internet > Switch/Wireless AP

The issue occurs when accessing the external IP address from a remote machine. If I access the external IP address from a local machine, it works fine.

I don't understand what would be opening the SSL port if pfSense is set to block it. I guess the only thing it can be is the ADSL modem, is that correct?

doktornotor

Unless you bridged the modem, you need to do all the port forwarding on the modem (as well as on pfSense when the box is not pfSense itself); "allow pfSense web GUI access via port 443" on WAN is an extremely bad idea, use a VPN.

grasshopper645

The modem is bridged (I have not got double NAT). As the link is ADSL (RJ11 cable), the modem is used to provide an RJ45 connection to the pfSense box.

I am aware web GUI access is not secure, but it is OK for my small test network.

I'm basically just trying to work out what the heck would be causing port 443 to be open from the outside when there is no rule in pfSense to allow it.

doktornotor

Because you are still hitting the modem, or something in front of pfSense? Do you even have a public IP (as opposed to being stuck behind CGN)? There's a packet capture available in the GUI, stop guessing.

grasshopper645

Yes, I have a public static IP address. Used the packet capture to capture 100 packets for port 443 only. Got 100 random address attempts to access it. lol, maybe I will just leave it down. I'll go into the modem and assume that is what is keeping the port open. Cheers.

grasshopper645

Confirmed the modem is not allowing port 443, and added a block of port 443 to the firewall. Port is still open lol. Could my ISP be doing something?

doktornotor

                    Post a screenshot of WAN rules on pfSense.

grasshopper645

Here are the WAN rules. This is very strange. I am thinking of re-installing pfSense to see if that makes a difference?

                      Capture.JPG

doktornotor

That won't make any difference, plus I'm definitely not convinced that the 404 comes from pfSense. "The requested resource is not found" is either an IIS or a Tomcat error message, not lighttpd. When you go to a non-existent page in the pfSense GUI, you get a plain "404 - Not Found".

grasshopper645

I'll bypass pfSense with a standard home router tonight and see whether the port is still open. I agree with you; I doubt that message is coming from pfSense. I must admit I am a little concerned that maybe the server has been compromised.

grasshopper645

It's definitely pfSense keeping port 443 open. I have put the modem in non-bridging mode and the port is closed. Could some glitch in pfSense be causing this? I'm at a loss as to what to do DX

doktornotor

Already suggested doing a packet capture. Then there are the firewall logs. As for hunting ghosts, no, no suggestions. Produce some information to work with. https://ip_omitted and a 404 that clearly does not come from pfSense is not useful. Did you enable some UPnP junk?

                              :(

muswellhillbilly

                                A thought: Just to double-check, where are you hitting 'ip omitted' from? Are you pointing to the ip address from a machine inside your network or from outside?

grasshopper645

                                  @doktornotor:

Already suggested doing a packet capture. Then there are the firewall logs. As for hunting ghosts, no, no suggestions. Produce some information to work with. https://ip_omitted and a 404 that clearly does not come from pfSense is not useful. Did you enable some UPnP junk?

                                  :(

Yep, you were correct!!!

I very much appreciate your persistence in replying, despite my ignorance/vague replies. You have saved me a lot of grief!!!

                                  Capture.PNG

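The mapping that turned out to be behind the "open" 443 above was created by UPnP, so the check worth having is a listing of what the gateway's UPnP service has actually opened, rather than reading the WAN rules (which never showed it). The script below is an added example, not code from this thread, from pfSense or from miniupnpd: it walks the IGD action GetGenericPortMappingEntry from index 0 until the gateway answers with UPnP error 713 (SpecifiedArrayIndexInvalid), which is how a control point enumerates the whole table. The control URL, the 2189 port, the LAN addresses and the two sample mappings are assumptions and constructed data so the example runs offline; against a real gateway you would first find the WANIPConnection control URL (SSDP M-SEARCH, then the device description XML) and pass http_transport instead of fake_transport.

```python
"""Enumerate a UPnP IGD gateway's port-mapping table (added example; not
pfSense/miniupnpd code).  All hosts, URLs and mappings here are assumptions."""
import re
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
ACTION = "GetGenericPortMappingEntry"


def soap_body(action, args):
    """Build the SOAP envelope a UPnP control point sends for `action`."""
    arg_xml = "".join(f"<{k}>{v}</{k}>" for k, v in args.items())
    return (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        f'<s:Body><u:{action} xmlns:u="{SERVICE}">{arg_xml}</u:{action}>'
        "</s:Body></s:Envelope>"
    )


def http_transport(control_url, action, body):
    """Real transport: POST the envelope to the gateway's control URL.
    UPnP faults arrive as HTTP 500 with a SOAP body, so return that body too."""
    req = urllib.request.Request(
        control_url, data=body.encode(),
        headers={"Content-Type": 'text/xml; charset="utf-8"',
                 "SOAPAction": f'"{SERVICE}#{action}"'})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.read().decode()


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace from a tag


def parse_entry(xml_text):
    """One mapping as a dict, or None when the gateway answers error 713
    (SpecifiedArrayIndexInvalid): the index is past the end of the table."""
    fields = {_local(el.tag): (el.text or "") for el in ET.fromstring(xml_text).iter()}
    if "errorCode" in fields:
        if fields["errorCode"] == "713":
            return None
        raise RuntimeError(f"UPnP error {fields['errorCode']} {fields.get('errorDescription', '')}")
    return {
        "ext_port": int(fields["NewExternalPort"]),
        "proto": fields["NewProtocol"],
        "int_port": int(fields["NewInternalPort"]),
        "client": fields["NewInternalClient"],
        "enabled": fields["NewEnabled"] == "1",
        "desc": fields["NewPortMappingDescription"],
    }


def list_port_mappings(control_url, transport=http_transport, limit=1000):
    """Walk indices 0.. until the gateway reports 713 (or `limit` is reached)."""
    mappings = []
    for index in range(limit):
        body = soap_body(ACTION, {"NewPortMappingIndex": index})
        entry = parse_entry(transport(control_url, ACTION, body))
        if entry is None:
            break
        mappings.append(entry)
    return mappings


def mappings_for_port(mappings, ext_port, proto="TCP"):
    """The mappings that explain why `ext_port`/`proto` answers from outside."""
    return [m for m in mappings if m["ext_port"] == ext_port and m["proto"] == proto]


# --- constructed stand-in for a gateway, so the example runs offline ----------
def _entry_xml(ext, proto, internal, client, desc):
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        f'<u:{ACTION}Response xmlns:u="{SERVICE}">'
        f"<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
        f"<NewProtocol>{proto}</NewProtocol><NewInternalPort>{internal}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
        f"<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
        f"<NewLeaseDuration>0</NewLeaseDuration></u:{ACTION}Response></s:Body></s:Envelope>"
    )


FAULT_713 = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><s:Fault>'
    "<faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring><detail>"
    '<UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>713</errorCode>'
    "<errorDescription>SpecifiedArrayIndexInvalid</errorDescription></UPnPError>"
    "</detail></s:Fault></s:Body></s:Envelope>"
)

# Constructed table: a LAN host holding 443/TCP, plus an unrelated UDP mapping.
SAMPLE_TABLE = [
    _entry_xml(443, "TCP", 443, "192.168.1.50", "Windows Media Player"),
    _entry_xml(6881, "UDP", 6881, "192.168.1.77", "BitTorrent"),
]


def fake_transport(control_url, action, body):
    """Answer like a gateway whose mapping table is SAMPLE_TABLE."""
    index = int(re.search(r"<NewPortMappingIndex>(\d+)</NewPortMappingIndex>", body).group(1))
    return SAMPLE_TABLE[index] if index < len(SAMPLE_TABLE) else FAULT_713


if __name__ == "__main__":
    # Assumed control URL; 2189 is the port pfSense's miniupnpd uses by default.
    table = list_port_mappings("http://192.168.1.1:2189/ctl/IPConn", transport=fake_transport)
    for m in table:
        print(f"{m['proto']} {m['ext_port']} -> {m['client']}:{m['int_port']}  ({m['desc']})")
    print("443/TCP explained by:", mappings_for_port(table, 443))
```

Stopping on 713 rather than on a fixed count is the point of the walk: the table has no length field, so any other error is raised instead of being treated as the end. On pfSense the same table is visible in the GUI under the UPnP status page, and the restriction doktornotor asks for is done with miniupnpd-style ACL lines on the UPnP settings page (for example, assuming a 192.168.1.0/24 LAN, `allow 1024-65535 192.168.1.0/24 1024-65535` followed by `deny 0-65535 0.0.0.0/0 0-65535`), which would have stopped a LAN client from claiming 443.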
grasshopper645

                                    @muswellhillbilly:

                                    A thought: Just to double-check, where are you hitting 'ip omitted' from? Are you pointing to the ip address from a machine inside your network or from outside?

I manually wrote 'ip omitted' as I didn't want the public internet knowing what my IP address is. It was a public address, for what it's worth. Cheers.

grasshopper645

I understand if no one replies to this (unrelated), but could someone please explain why Windows Media Player requires the HTTPS port forwarded? Cheers.

doktornotor

                                        You need to ask MS. Please, disable or at least severely restrict the UPnP access, there are some examples in the GUI. Very dangerous without any restrictions.

muswellhillbilly

                                          According to MS it's to do with performance: http://windows.microsoft.com/en-gb/windows7/stream-your-media-over-the-internet-using-windows-media-player. Though this is really a question for a different forum.

doktornotor

                                            @muswellhillbilly:

                                            According to MS it's to do with performance: http://windows.microsoft.com/en-gb/windows7/stream-your-media-over-the-internet-using-windows-media-player.

                                            Ah of course, who gives a fuck about security, performance is much more important in the MS land; plus it's extremely excellent idea to steal standard HTTPS port for some media streaming junk.  :o ???

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.