Netgate Discussion Forum

    Help - How to terminate TCP port on WAN for monitoring

      avvid

      Hi everyone, using thousandeyes.com to monitor my firewall externally.  Currently I have a TCP port open and terminated on a server for monitoring purposes (Note:  I can't use ICMP).

      Is there any way to open and terminate a TCP port on pfSense itself which goes nowhere?  i.e. not forwarded anywhere?

      The stats on the server terminating the TCP port currently vary, which is screwing up the reports.

      Thanks!
      J

        chpalmer

        Make a port forward to an unused IP on your LAN..  I'm not sure what that would do though as it would look as if nothing was there.

        Something has got to answer a request to get a result.  So is your question how to get pfSense itself to respond to an externally initiated request from the monitor?

        Seems like a little bit of a security risk truthfully..  :o

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          avvid

          Yes, I was trying to see if pfSense could "safely" terminate a port that goes nowhere and respond to the TCP requests.

          Didn't really want to open any ports to any servers (don't really have any).  Have a Raspberry Pi terminating it right now, but latency is all over the place due to being a Raspberry Pi :)

            chpalmer

            @avvid:

            Yes, I was trying to see if pfsense could "safely" terminate a port that goes nowhere and respond to the TCP requests.

            If it goes nowhere it might as well not exist.  Thus it must be answered by something. In this case you want your firewall to answer the request.

            This means you want to open a port to the other server on a security device..  Bad ju ju!

            But you could allow their server (and it only, via a well crafted WAN firewall rule) to your pfSense WAN address GUI port.  Still a security issue but much safer than selecting "any" for source IP.

            WAN Rule - Source: their IP address, any port.  Destination: "WAN Address".  Port: (your GUI port) 80??

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.
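
The source-restricted WAN rule suggested in the last post can be checked after the fact. The following is an added example, not part of the thread or of pfSense itself: it reads a pfSense configuration backup and lists every enabled WAN pass rule aimed at the firewall's own WAN address whose source is anything other than an approved monitor host. The `config.xml` element layout, the rule descriptions and the documentation-range addresses are assumptions constructed for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a pfSense config.xml <filter> section
# (assumed layout; addresses are documentation ranges, not from the thread).
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><address>198.51.100.25</address></source>
    <destination><network>wanip</network><port>443</port></destination>
    <descr>monitor probe to GUI</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>443</port></destination>
    <descr>GUI from anywhere</descr></rule>
  <rule><type>pass</type><interface>lan</interface>
    <source><network>lan</network></source>
    <destination><any/></destination><descr>default LAN</descr></rule>
</filter></pfsense>"""

def audit_wan_self_rules(config_xml, allowed_sources):
    """Return (descr, reason) for enabled WAN pass rules to the firewall's own
    WAN address whose source is not a single approved host."""
    allowed = {ipaddress.ip_address(a) for a in allowed_sources}
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("type") != "pass" or rule.findtext("interface") != "wan":
            continue
        if rule.find("disabled") is not None:
            continue  # disabled rules do not expose anything
        if rule.findtext("destination/network") != "wanip":
            continue  # only rules that expose the firewall itself
        descr = rule.findtext("descr", default="(no description)")
        if rule.find("source/any") is not None:
            findings.append((descr, "source is any"))
            continue
        src = rule.findtext("source/address") or rule.findtext("source/network") or ""
        try:
            host = ipaddress.ip_address(src)
        except ValueError:  # subnet, alias or interface macro, not one host
            findings.append((descr, f"source '{src}' is not a single host"))
            continue
        if host not in allowed:
            findings.append((descr, f"source {host} is not an approved monitor"))
    return findings

if __name__ == "__main__":
    for descr, reason in audit_wan_self_rules(SAMPLE_CONFIG, ["198.51.100.25"]):
        print(f"REVIEW: {descr}: {reason}")
```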

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.