Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firewall Logs

    Scheduled Pinned Locked Moved General pfSense Questions
    14 Posts 5 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jawhead @Gertjan
      last edited by

      @Gertjan a14d3591-c418-401d-af5f-743aea637948-image.png

      Yes, Our pfSense is accessible publicly via domain and public IP. but only https port is open.

      Do you think there are bad guys playing around?

      GertjanG johnpozJ 2 Replies Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Yeah something is trying to hit a page in the firewall that doesn't exist either maliciously or through poor config.

        I would guess from those URLs they are trying to hit commonly exploitable pages.

        If that's coming from the WAN why is that open?

        If it's coming from the LAN something there maybe compromised. Could still just be something badly configured.

        Lock down the GUI access.

        Steve

        J 1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @Jawhead
          last edited by

          @Jawhead said in Firewall Logs:

          Do you think there are bad guys playing around?

          Noop.
          These page requests /posts are looking harmless.
          For now.

          Having the GUI open and accessible from the Internet is pure madness.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • J
            Jawhead @stephenw10
            last edited by

            @stephenw10 Hi Steve, thanks for the inputs, We use to manage remotely the firewall. What would you recommend for locking down the firewall? Is there a guide for hardening a pfSense?

            1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan
              last edited by

              In one word : OpenVPN.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              J 1 Reply Last reply Reply Quote 0
              • J
                Jawhead @Gertjan
                last edited by

                @Gertjan Yes, we have used OpenVPN to access internal server, any other options aside from OpenVPN.

                1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan
                  last edited by

                  If you are already using OpenVPN, you have two choices :
                  Modify the current setup, so you can access the GUI from LAN, when you are connected to the "internal server".
                  Or, activate an independent OpenVPN server on pfSense - use another port number if 1194 is already natted to your "internal server".
                  I guess you have already all the knowledge needed to access the GUI over OpenVPN. The big advantage is that only the people user credentials and/or certs can access the GUI.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @Jawhead
                    last edited by johnpoz

                    @Jawhead said in Firewall Logs:

                    Yes, Our pfSense is accessible publicly via domain and public IP. but only https port is open.

                    Yeah that is just plain moronic to be honest.... Yeah your logs are going to be full of shit for starters..

                    As suggested vpn in to manage, or atleast lock down the access to the gui from your source IP your going to be managing from.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • jimpJ
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      That looks like the kind of stuff you see from captive portal redirecting requests from unauthenticated clients to the web server.

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • J
                        Jawhead
                        last edited by

                        Thank you for the inputs guys really appreciate it, for the meantime, I just disable the public access and push to use OpenVPN instead.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.