Ports open to internet, which I did not configure
-
Hi all,
I needed to open a few ports and ran an nmap scan from the internet to test, all good, however I found that the below ports were also opened, which I had never configured. All ports from the internet were previously blocked, or so I had thought.
21
554
1723
53
I ran another scan 10 minutes later and the concerning ports were no longer open. Is there any rational explanation for this? How would you guys investigate? It's quite concerning. I'll post up my firewall configs tomorrow.
-
And pfsense clearly has no FTP server out of the box, so how would 21 be open to it? Are you forwarding that port?
Out of the box, pfsense blocks ALL inbound to its wan port. So if you're seeing stuff open, you opened them or forwarded them, or you're seeing the device in front of pfsense. What is the wan of your pfsense plugged into? Does it have a public IP on its wan or an rfc1918 address? If rfc1918, out of the box any traffic to rfc1918 would be blocked as well.
Post up your wan firewall rules, and did you put any rules on your floating tab?
-
Another question: how are you connected to the net? Or: what is placed in front of your pfSense box? Some ISP router?
-
I have 2 separate NICs. One dedicated for WAN. The other NIC has three ports, one for management, one primary network and one guest network. WAN port is a direct DHCP internet connection.
Here are some config screenshots:
http://www.openscreenshot.com/B1MLNwDAg
http://www.openscreenshot.com/ByCPEDPAe
http://www.openscreenshot.com/HkIFNPDAl
http://www.openscreenshot.com/SkC_HDD0g
http://www.openscreenshot.com/B13prDDAl
http://www.openscreenshot.com/S1vCBvv0e
http://www.openscreenshot.com/HJGJ8PvCx
I definitely scanned the right IP. They're now appearing closed though.