Netgate Discussion Forum

    Ports open to internet, which I did not configure

      nubletizer

      Hi all,

      I needed to open a few ports and ran an nmap scan from the internet to test. All good; however, I found that the ports below were also open, which I had never configured. All ports from the internet were previously blocked, or so I had thought.

      21
      554
      1723
      53

      I ran another scan 10 minutes later and the concerning ports were no longer open. Is there any rational explanation for this? How would you guys investigate? It's quite concerning. I'll post up my firewall configs tomorrow.

        johnpoz LAYER 8 Global Moderator

        And pfSense clearly has no FTP server out of the box, so how would 21 be open to it? Are you forwarding that port?

        Out of the box pfSense blocks ALL inbound to its WAN port. So if you're seeing stuff open, you opened them or forwarded them, or you're seeing the device in front of pfSense. What is the WAN of your pfSense plugged into? Does it have a public IP on its WAN or an RFC 1918 address? If RFC 1918, out of the box any traffic to RFC 1918 would be blocked as well.

        Post up your WAN firewall rules, and did you put any rules on your floating tab?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
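
One way to answer the questions in the post above from a configuration backup, as an added example that is not part of the thread: list every enabled WAN pass rule, floating rule and NAT port forward whose destination port covers a port the scan reported. The element names follow the layout of a pfSense config.xml export as assumed here, `SAMPLE` is constructed for illustration, and `covers` and `wan_exposures` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a pfSense config.xml export (not from the thread).
SAMPLE = """<pfsense>
  <filter>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>443</port></destination></rule>
    <rule><type>pass</type><interface>wan,lan</interface><floating>yes</floating>
      <protocol>tcp/udp</protocol><destination><any/><port>50-60</port></destination></rule>
    <rule><type>pass</type><interface>wan</interface><disabled/><protocol>tcp</protocol>
      <destination><any/><port>554</port></destination></rule>
    <rule><type>block</type><interface>wan</interface><destination><any/></destination></rule>
  </filter>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol><target>192.168.1.20</target>
      <local-port>21</local-port><destination><network>wanip</network><port>21</port></destination></rule>
  </nat>
</pfsense>"""

def covers(spec, port):
    """True if a port spec ('21', '50-60', empty = any) includes port; None for an alias name."""
    if not spec:
        return True
    lo, _, hi = spec.partition("-")
    if not (lo.isdigit() and (hi.isdigit() or not hi)):
        return None  # alias name: resolve it by hand against the alias list
    return int(lo) <= port <= int(hi or lo)

def wan_exposures(xml_text, ports, wan="wan"):
    """Return (port, kind, detail) for enabled WAN pass/floating rules and port forwards."""
    root, hits = ET.fromstring(xml_text), []
    for kind, path in (("filter", "filter/rule"), ("nat", "nat/rule")):
        for r in root.findall(path):
            ifaces = [i for i in (r.findtext("interface") or "").split(",") if i]
            if r.find("disabled") is not None or (ifaces and wan not in ifaces):
                continue  # disabled, or bound to other interfaces only
            if kind == "filter" and r.findtext("type") != "pass":
                continue  # block/reject rules do not open anything
            label = "floating" if r.find("floating") is not None else kind
            spec = (r.findtext("destination/port") or "").strip()
            for p in ports:
                match = covers(spec, p)
                if match or match is None:  # '?' marks an unresolved alias
                    detail = r.findtext("target") or r.findtext("protocol") or "any"
                    hits.append((p, label if match else label + "?", detail))
    return hits

if __name__ == "__main__":
    print(wan_exposures(SAMPLE, [21, 554, 1723, 53]))
```

An empty result for the scanned ports means nothing in the saved configuration passes or forwards them on WAN; the script lists candidate rules only and does not evaluate rule order.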

          Gertjan

          Another question: how are you connected to the net? Or: what is placed in front of your pfSense box? Some ISP router?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit: and where are the logs??

            NOYB

            @nubletizer:

            Is there any rational explanation for this?

            Typo. You scanned someone else.

              nubletizer

              I have 2 separate NICs. One dedicated for WAN. The other NIC has three ports, one for management, one primary network and one guest network. WAN port is a direct DHCP internet connection.

              Here are some config screenshots:

              http://www.openscreenshot.com/B1MLNwDAg
              http://www.openscreenshot.com/ByCPEDPAe
              http://www.openscreenshot.com/HkIFNPDAl
              http://www.openscreenshot.com/SkC_HDD0g
              http://www.openscreenshot.com/B13prDDAl
              http://www.openscreenshot.com/S1vCBvv0e
              http://www.openscreenshot.com/HJGJ8PvCx

              I definitely scanned the right IP. They're now appearing closed though.
