Help - How to terminate TCP port on WAN for monitoring

avvid · Jan 18, 2017, 11:46 PM

Hi everyone, using thousandeyes.com to monitor my firewall externally. Currently I have a TCP port open and terminated on a server for monitoring purposes (Note: I can't use ICMP).

Is there anyway to open and terminate a TCP port on pfsense itself which goes nowhere? ie: Not forwarded anywhere?

The stats on the server terminating the TCP port currently varies, which is screwing up the reports

Thanks!
J

chpalmer · Jan 19, 2017, 12:05 AM

Make a port forward to an unused IP on your LAN.. Im not sure what that would do though as it would look as nothing was there.

Something has got answer a request to get a result. So is your question how to get pfSense itself to respond to an externally initiated request from the monitor?

Seems like a little bit of a security risk truthfully.. :o

avvid · Jan 19, 2017, 12:10 AM

Yes, I was trying to see if pfsense could "safely" terminate a port that goes nowhere and respond to the TCP requests.

Didn't really want to open any ports to any servers (don't really have any). Have a Raspberry Pi terminating it right now, but latency is all over the place due to being a Raspberry Pi :)

chpalmer · Jan 19, 2017, 1:36 AM

@avvid:

Yes, I was trying to see if pfsense could "safely" terminate a port that goes nowhere and respond to the TCP requests.

If it goes nowhere it might as well not exist. Thus it must be answered by something. In this case you want your firewall to answer the request.

This means you want to open a port to the other server on a security device.. Bad ju ju!

But you could allow their server (and it only via a well crafted WAN firewall rule) to your pfsense WAN address GUI port. Still a security issue but much safer than selecting "any" for source IP.

WAN Rule- Source- their IP address any port Destination- "Wan Address" Port- (your GUI port) 80?? .