Some ports it seems open but pfsense is block them.



  • Hi All, some ports it seems open but pfsense is block them.  For example in WAN interface example 210.x.x.x : 5060 seems open from internet.

    Troubleshooting:

    1. From internet source

    notebook$ telnet 210.x.x.x 5060
    Trying 210.x.x.x...
    Connected to 210.x.x.x.
    
    

    2. In Destination pfsense filter log:

    May 17 17:27:38  filterlog: 80,,,1492620207,em1,match,[b]block[/b],in,4,0x0,,64,25740,0,DF,6,tcp,60,179.x.x.x , x.x.x.x [b](Nated)[/b] ,4293,[b]5060[/b],0,S,2755131869,,5840,,mss;sackOK;TS;nop;wscale
    

    May 17 17:27:38  filterlog: 80,,,1492620207,em1,match,block,in,4,0x0,,64,25740,0,DF,6,tcp,60,179.x.x.x , x.x.x.x (Nated) ,4293,5060,0,S,2755131869,,5840,,mss;sackOK;TS;nop;wscale

    3. In destionation pfsense socket -4l in pfsense (5060 not listening)
    : sockstat -4l

    USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
    root     php-fpm    57012 4  udp4   *:*                   *:*
    root     ntopng     62455 3  udp4   *:*                   *:*
    root     ntopng     62455 17 tcp4   *:3000                *:*
    root     redis-serv 62165 4  tcp4   127.0.0.1:6379        *:*
    nobody   darkstat   27813 8  tcp4   x.x.x.x:666     *:*
    root     syslogd    62314 8  udp4   *:514                 *:*
    root     bsnmpd     37253 4  udp4   *:*                   *:*
    root     bsnmpd     37253 5  udp4   *:161                 *:*
    root     ntpd       29513 21 udp4   *:123                 *:*
    root     ntpd       29513 23 udp4   x.x.x.x:123     *:*
    root     ntpd       29513 25 udp4   yyy.yyy.yyy.yyy:123    *:*
    root     ntpd       29513 28 udp4   127.0.0.1:123         *:*
    root     nginx      28599 6  tcp4   *:443                 *:*
    root     nginx      28599 8  tcp4   *:80                  *:*
    root     nginx      28513 6  tcp4   *:443                 *:*
    root     nginx      28513 8  tcp4   *:80                  *:*
    root     nginx      28318 6  tcp4   *:443                 *:*
    root     nginx      28318 8  tcp4   *:80                  *:*
    unbound  unbound    20907 5  udp4   *:53                  *:*
    unbound  unbound    20907 6  tcp4   *:53                  *:*
    unbound  unbound    20907 7  tcp4   127.0.0.1:953         *:*
    root     php-fpm    308   4  udp4   *:*                   *:*
    

    4. When i sniff the traffic 5060, it show pfsense MAC address in layer 2, so nothing in the middle (only 1 fortifgate in trasparent mode, but passed through i sniff the traffic from there)

    So, why 5060 seems open from internet, but is blocked for the pfsense?

    Any ideas?

    Thanks!
    Monchito



 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy