Netgate Discussion Forum

Help - How to terminate TCP port on WAN for monitoring

General pfSense Questions

    avvid
    last edited by Jan 18, 2017, 11:46 PM

    Hi everyone, using thousandeyes.com to monitor my firewall externally.  Currently I have a TCP port open and terminated on a server for monitoring purposes (Note:  I can't use ICMP).

    Is there any way to open and terminate a TCP port on pfSense itself which goes nowhere?  i.e.: Not forwarded anywhere?

    The stats on the server terminating the TCP port currently vary, which is screwing up the reports.

    Thanks!
    J

      chpalmer
      last edited by Jan 19, 2017, 12:05 AM

      Make a port forward to an unused IP on your LAN..  I'm not sure what that would do though as it would look as if nothing was there.

      Something has got to answer a request to get a result.  So is your question how to get pfSense itself to respond to an externally initiated request from the monitor?

      Seems like a little bit of a security risk truthfully..  :o

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        avvid
        last edited by Jan 19, 2017, 12:10 AM

        Yes, I was trying to see if pfSense could "safely" terminate a port that goes nowhere and respond to the TCP requests.

        Didn't really want to open any ports to any servers (don't really have any).  Have a Raspberry Pi terminating it right now, but latency is all over the place due to being a Raspberry Pi :)

          chpalmer
          last edited by Jan 19, 2017, 1:36 AM

          @avvid:

          Yes, I was trying to see if pfSense could "safely" terminate a port that goes nowhere and respond to the TCP requests.

          If it goes nowhere it might as well not exist.  Thus it must be answered by something. In this case you want your firewall to answer the request.

          This means you want to open a port to the other server on a security device..  Bad ju ju!

          But you could allow their server  (and it only via a well crafted WAN firewall rule) to your pfSense WAN address GUI port.  Still a security issue but much safer than selecting "any" for source IP.

          WAN Rule-    Source-  their IP address  any port    Destination- "Wan Address"  Port- (your GUI port)  80??  .

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.
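
Added example, not part of the original thread: a small audit that reads a pfSense configuration export and lists WAN pass rules aimed at the firewall's own WAN address whose source is wider than a single host, which is the "any" case the last reply warns against. The XML element names (`filter`, `rule`, `source`, `destination`, `wanip`) are an assumption about the config.xml layout, and the sample rules and addresses are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of a pfSense config.xml <filter>
# section; addresses come from the documentation ranges.
SAMPLE = """<pfsense><filter>
<rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
  <source><any/></source>
  <destination><network>wanip</network><port>443</port></destination>
  <descr>monitor probe, any source</descr></rule>
<rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
  <source><address>203.0.113.10</address></source>
  <destination><network>wanip</network><port>443</port></destination>
  <descr>monitor probe, single source</descr></rule>
<rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
  <source><address>198.51.100.0/24</address></source>
  <destination><network>wanip</network><port>443</port></destination>
  <descr>monitor probe, whole subnet</descr></rule>
<rule><type>block</type><interface>wan</interface><descr>default deny</descr>
  <source><any/></source><destination><any/></destination></rule>
</filter></pfsense>"""

def source_scope(rule):
    """Classify a rule's source as 'any', 'host', 'network' or 'alias'."""
    src = rule.find("source")
    if src is None or src.find("any") is not None:
        return "any"
    addr = (src.findtext("address") or "").strip()
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return "alias"  # not a literal address; needs manual review
    return "host" if net.num_addresses == 1 else "network"

def audit_wan_self_rules(xml_text):
    """Return (descr, port, scope) for WAN pass rules to the WAN address not limited to one host."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("rule"):
        if rule.findtext("type") != "pass" or rule.findtext("interface") != "wan":
            continue  # only inbound allow rules on WAN matter here
        dst = rule.find("destination")
        to_self = dst is not None and dst.findtext("network") == "wanip"
        scope = source_scope(rule)
        if to_self and scope != "host":
            findings.append((rule.findtext("descr"), dst.findtext("port"), scope))
    return findings

if __name__ == "__main__":
    print(audit_wan_self_rules(SAMPLE))
```

A rule whose source is an alias is reported with scope `alias` because its contents cannot be judged from the rule alone.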
