Netgate Discussion Forum

    Port showing Closed on WAN side, but no rule

    • Soloam

      pfSense blocks by default, and that is great. I did a port scan of my firewall and it returned port 113 as closed, so I assume that pfSense replied with a reject. Why does this happen if I don't have a rule for this port? Why does it return closed? What will happen if I create a rule to block port 113?

      Thank You

      • kpa

        How are you performing your scan? If you're doing it from the LAN side of pfSense what you're seeing is normal because pfSense's default deny policy only applies to traffic that enters the WAN interface from the outside. Traffic that has entered the system via the LAN interface is not subject to filtering until it actually leaves the system via an interface (and by default is allowed but this can be changed with floating rules).

        • Soloam

          I'm doing the scan from another system on a different network.

          • kpa

            And how does this other network relate to the pfSense system? Does the scan come in via the WAN interface or some other interface? Post your WAN firewall rules in case it does.

            • Soloam

              No, it's a system on a different network… nothing related to this network... my wan rules are clear... nothing

              • johnpoz LAYER 8 Global Moderator

                pfSense out of the box does not send a reject; the packet is just dropped. So if you're saying you're scanning from outside to the WAN of pfSense and you're getting a "closed" because of a reject sent, then either you created a rule to do that, or you're not actually scanning pfSense.

                If pfSense was sending rejects, then every single port you scan on pfSense would show closed vs. the popular, even though not really correct, term "stealth".

                So did you validate that pfSense actually saw this TCP SYN to 113, and that it sent the reject? Simple enough to test with a packet capture on WAN, then go to something like canyouseeme.org or even the GRC scanner, for gosh sake.

                
                GRC Port Authority Report created on UTC: 2017-06-08 at 18:14:38
                
                Results from probe of port: 113
                
                    0 Ports Open
                    0 Ports Closed
                    1 Ports Stealth
                ---------------------
                    1 Ports Tested
                
                THE PORT tested was found to be: STEALTH.
                
                TruStealth: FAILED - ALL tested ports were STEALTH,
                                   - NO unsolicited packets were received,
                                   - A PING REPLY (ICMP Echo) WAS RECEIVED.
                
                

                Oh my gosh I'm not stealth because I answered ping ;) <rolleyes>F'ing idiot spreading FUD… ;)</rolleyes>

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11
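
The WAN packet-capture check suggested in the post above, as an added example that is not part of the original thread: it reads tcpdump-style text lines and reports whether the SYN to port 113 arrived at all and whether the WAN address answered it. The capture lines are constructed, the addresses are documentation ranges, and the function names are hypothetical.

```python
import re

# Matches tcpdump text lines such as:
#   18:14:38.101 IP 198.51.100.7.40112 > 203.0.113.10.113: Flags [S], ...
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def classify_probes(capture, wan_ip, port):
    """Map each (scanner_ip, scanner_port) that sent a SYN to wan_ip:port
    to what the WAN side answered: 'dropped', 'rejected' or 'open'."""
    probes = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if (dst, dport, flags) == (wan_ip, port, "S"):
            # Inbound SYN (retransmits included); 'dropped' unless a reply follows.
            probes.setdefault((src, sport), "dropped")
        elif (src, sport) == (wan_ip, port) and (dst, dport) in probes:
            if "R" in flags:
                probes[(dst, dport)] = "rejected"  # RST sent: scanner shows "closed"
            elif flags.startswith("S"):
                probes[(dst, dport)] = "open"      # SYN-ACK sent: something listens
    return probes

def verdict(capture, wan_ip, port):
    probes = classify_probes(capture, wan_ip, port)
    if not probes:
        # A "closed" result with no SYN here means another device answered.
        return "no SYN seen: the scan is not reaching this WAN interface"
    return ", ".join(sorted(set(probes.values())))

WAN = "203.0.113.10"  # constructed WAN address
# Constructed captures: default drop, a reject rule, and a scan that never arrives.
DEFAULT_DROP = """\
18:14:38.101 IP 198.51.100.7.40112 > 203.0.113.10.113: Flags [S], seq 100, win 1024, length 0
18:14:39.102 IP 198.51.100.7.40112 > 203.0.113.10.113: Flags [S], seq 100, win 1024, length 0"""
REJECT_RULE = """\
18:20:01.500 IP 198.51.100.7.40200 > 203.0.113.10.113: Flags [S], seq 200, win 1024, length 0
18:20:01.501 IP 203.0.113.10.113 > 198.51.100.7.40200: Flags [R.], seq 0, ack 201, win 0, length 0"""
NOT_SEEN = """\
18:25:10.000 IP 203.0.113.10.51514 > 192.0.2.53.53: Flags [S], seq 300, win 65535, length 0"""

if __name__ == "__main__":
    for name, cap in [("default drop", DEFAULT_DROP), ("reject rule", REJECT_RULE),
                      ("not seen", NOT_SEEN)]:
        print(f"{name}: {verdict(cap, WAN, 113)}")
```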

                • kpa

                  Well, there has to be a reason for the port to show as closed. TCP port 113 is usually auth/ident, which might still be used by IRC or some games for identifying the connecting user. It's of course broken as hell as a practice, but it's still used. Do you have UPnP enabled? Any packages installed?

                  Btw, which version of pfSense?
