    Netgate Discussion Forum

    Some ports seem open but pfSense is blocking them.

      monchito last edited by

      Hi all, some ports seem open but pfSense is blocking them. For example, on the WAN interface, 210.x.x.x:5060 seems open from the internet.

      Troubleshooting:

      1. From internet source

      notebook$ telnet 210.x.x.x 5060
      Trying 210.x.x.x...
      Connected to 210.x.x.x.
      
      

      2. In the destination pfSense filter log:

      May 17 17:27:38  filterlog: 80,,,1492620207,em1,match,block,in,4,0x0,,64,25740,0,DF,6,tcp,60,179.x.x.x , x.x.x.x (Nated) ,4293,5060,0,S,2755131869,,5840,,mss;sackOK;TS;nop;wscale

      3. On the destination pfSense, sockstat -4l (5060 not listening)
      : sockstat -4l

      USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
      root     php-fpm    57012 4  udp4   *:*                   *:*
      root     ntopng     62455 3  udp4   *:*                   *:*
      root     ntopng     62455 17 tcp4   *:3000                *:*
      root     redis-serv 62165 4  tcp4   127.0.0.1:6379        *:*
      nobody   darkstat   27813 8  tcp4   x.x.x.x:666     *:*
      root     syslogd    62314 8  udp4   *:514                 *:*
      root     bsnmpd     37253 4  udp4   *:*                   *:*
      root     bsnmpd     37253 5  udp4   *:161                 *:*
      root     ntpd       29513 21 udp4   *:123                 *:*
      root     ntpd       29513 23 udp4   x.x.x.x:123     *:*
      root     ntpd       29513 25 udp4   yyy.yyy.yyy.yyy:123    *:*
      root     ntpd       29513 28 udp4   127.0.0.1:123         *:*
      root     nginx      28599 6  tcp4   *:443                 *:*
      root     nginx      28599 8  tcp4   *:80                  *:*
      root     nginx      28513 6  tcp4   *:443                 *:*
      root     nginx      28513 8  tcp4   *:80                  *:*
      root     nginx      28318 6  tcp4   *:443                 *:*
      root     nginx      28318 8  tcp4   *:80                  *:*
      unbound  unbound    20907 5  udp4   *:53                  *:*
      unbound  unbound    20907 6  tcp4   *:53                  *:*
      unbound  unbound    20907 7  tcp4   127.0.0.1:953         *:*
      root     php-fpm    308   4  udp4   *:*                   *:*
      

      4. When I sniff the traffic on 5060, it shows the pfSense MAC address at layer 2, so nothing is in the middle (only 1 FortiGate in transparent mode, but the traffic passes through it; I sniffed the traffic from there)

      So, why does 5060 seem open from the internet, but is blocked by pfSense?

      Any ideas?

      Thanks!
      Monchito


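An added example, not part of the original post: a small Python parser for the filterlog entry shown in step 2, following the field order of pfSense's IPv4/TCP filterlog format, that lists inbound SYNs to a given port which the firewall logged as blocked. The function names are hypothetical, and the sample lines are constructed from the post's entry with the masked addresses replaced by documentation addresses.

```python
import csv

# Field order of a pfSense filterlog entry for an IPv4 TCP packet.
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason",
          "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags", "proto_id",
        "proto", "length", "src", "dst"]
TCP = ["sport", "dport", "datalen", "tcpflags", "seq", "ack", "window",
       "urg", "options"]

def parse_filterlog(line):
    """Return a dict for an IPv4/TCP filterlog line, or None otherwise."""
    _, sep, payload = line.partition("filterlog:")
    if not sep:
        return None  # not a filterlog entry
    fields = [f.strip() for f in next(csv.reader([payload.strip()]))]
    names = COMMON + IPV4 + TCP
    if len(fields) < len(names):
        return None  # UDP/ICMP or truncated entries carry fewer fields
    rec = dict(zip(names, fields))
    if rec["ipver"] != "4" or rec["proto"] != "tcp":
        return None
    for key in ("ttl", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def blocked_syns(lines, port):
    """Inbound SYN-only packets to `port` that the firewall logged as blocked."""
    hits = []
    for line in lines:
        rec = parse_filterlog(line)
        if (rec and rec["action"] == "block" and rec["direction"] == "in"
                and rec["dport"] == port and rec["tcpflags"] == "S"):
            hits.append(rec)
    return hits

# Constructed sample lines (addresses are documentation ranges, not the post's).
SAMPLE = [
    "May 17 17:27:38 filterlog: 80,,,1492620207,em1,match,block,in,4,0x0,,64,25740,0,DF,6,tcp,60,198.51.100.7,203.0.113.10,4293,5060,0,S,2755131869,,5840,,mss;sackOK;TS;nop;wscale",
    "May 17 17:27:40 filterlog: 5,,,1000000103,em1,match,pass,in,4,0x0,,52,1111,0,DF,6,tcp,60,198.51.100.7,203.0.113.10,4300,443,0,S,123456,,5840,,mss",
]

if __name__ == "__main__":
    for r in blocked_syns(SAMPLE, 5060):
        print(f"{r['iface']} rule {r['rule']} tracker {r['tracker']}: "
              f"{r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} ttl={r['ttl']}")
```

The source address, source port and TTL it prints for each blocked SYN can be compared with what the test client and the packet capture show for the same connection attempt.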