UDP Port 53 Open
I performed an nmap scan on my public IP and it says that port 53 is open. Could someone explain to me how that could be possible without any rules on the WAN interface other than the defaults?
I really can't understand this.
What do you have in front of pfSense? You actually scanned from outside your network? Or did you run nmap from inside your network to your public IP?
I am scanning from outside the network. In front of pfSense is just my ISP.
When you do your scan from outside, sniff on the pfSense WAN: does it even see the 53 inbound? It's quite possible for your ISP to be intercepting that traffic. Post up your WAN rules and floating rules.
Block private networks
Block bogon networks
Allow ipv4 udp port from voip provider address to voip vlan
No floating rules
Will scan with capturing on
Test with a real DNS query to your pfSense system's port 53, using the dig command for example. In the case of UDP, nmap will just tell you that it successfully sent data to UDP port 53 but doesn't care if a reply came back or not. UDP is stateless and connectionless, and you can't do a proper UDP port scan unless you know the application protocol details and use proper tools.
That is a very valid port… UDP scans are not very accurate..
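The reply above suggests testing with a real DNS query instead of trusting a generic UDP scan. The following is an added example, not code from any poster in this thread: a small Python probe that sends an actual DNS question to UDP port 53 and separates a genuine DNS answer from silence or an ICMP port-unreachable. The function names and the default query name `example.com` are assumptions made for the illustration.

```python
import os, socket, struct

def build_query(name="example.com", qtype=1):
    """Return (txid, packet) for a standard recursive DNS query (default: A record)."""
    txid = struct.unpack("!H", os.urandom(2))[0]
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split(".")) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def parse_reply(data, txid):
    """Return the RCODE if data is a DNS response matching txid, else None."""
    if len(data) < 12:
        return None
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:  # QR bit must be set in a response
        return None
    return flags & 0x000F

def probe(host, port=53, timeout=3.0, name="example.com"):
    """Classify a UDP DNS port by what actually comes back."""
    txid, pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected UDP socket surfaces ICMP port-unreachable
        try:
            s.send(pkt)
            rcode = parse_reply(s.recv(4096), txid)
        except socket.timeout:
            return "no-reply"    # dropped or ignored: not evidence of a listening service
        except ConnectionRefusedError:
            return "closed"      # ICMP port unreachable came back
    return "answered rcode=%d" % rcode if rcode is not None else "non-dns-reply"
```

Run `probe()` against your own WAN address from a host outside the network while capturing on the pfSense WAN interface, as suggested earlier in the thread. Only an `answered` result shows that something is replying on port 53, and the capture tells you whether that reply came from pfSense or from something upstream.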