Some ports seem open but pfSense is blocking them.
Hi All, some ports seem open but pfSense is blocking them. For example, on the WAN interface, 210.x.x.x:5060 seems open from the internet.
Troubleshooting:
1. From an internet source:
notebook$ telnet 210.x.x.x 5060
Trying 210.x.x.x...
Connected to 210.x.x.x.
2. In the destination pfSense filter log:
May 17 17:27:38 filterlog: 80,,,1492620207,em1,match,block,in,4,0x0,,64,25740,0,DF,6,tcp,60,179.x.x.x , x.x.x.x (Nated) ,4293,5060,0,S,2755131869,,5840,,mss;sackOK;TS;nop;wscale
3. On the destination pfSense, sockstat -4l (5060 not listening):
: sockstat -4l
USER     COMMAND     PID    FD  PROTO  LOCAL ADDRESS        FOREIGN ADDRESS
root     php-fpm     57012  4   udp4   *:*                  *:*
root     ntopng      62455  3   udp4   *:*                  *:*
root     ntopng      62455  17  tcp4   *:3000               *:*
root     redis-serv  62165  4   tcp4   127.0.0.1:6379       *:*
nobody   darkstat    27813  8   tcp4   x.x.x.x:666          *:*
root     syslogd     62314  8   udp4   *:514                *:*
root     bsnmpd      37253  4   udp4   *:*                  *:*
root     bsnmpd      37253  5   udp4   *:161                *:*
root     ntpd        29513  21  udp4   *:123                *:*
root     ntpd        29513  23  udp4   x.x.x.x:123          *:*
root     ntpd        29513  25  udp4   yyy.yyy.yyy.yyy:123  *:*
root     ntpd        29513  28  udp4   127.0.0.1:123        *:*
root     nginx       28599  6   tcp4   *:443                *:*
root     nginx       28599  8   tcp4   *:80                 *:*
root     nginx       28513  6   tcp4   *:443                *:*
root     nginx       28513  8   tcp4   *:80                 *:*
root     nginx       28318  6   tcp4   *:443                *:*
root     nginx       28318  8   tcp4   *:80                 *:*
unbound  unbound     20907  5   udp4   *:53                 *:*
unbound  unbound     20907  6   tcp4   *:53                 *:*
unbound  unbound     20907  7   tcp4   127.0.0.1:953        *:*
root     php-fpm     308    4   udp4   *:*                  *:*
4. When I sniff the traffic on 5060, it shows the pfSense MAC address at layer 2, so nothing is in the middle (only 1 FortiGate in transparent mode, but passed through; I sniff the traffic from there).
So, why does 5060 seem open from the internet, but is blocked by pfSense?
Any ideas?
Thanks!
Monchito
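
The comparison made in steps 2 and 3 above (a blocked inbound SYN in the filter log versus the local listeners reported by sockstat -4l) can be scripted. This is an added example, not part of the original post; the field names, the sample log lines and the sockstat rows are constructed for illustration, using documentation-range addresses.

```python
import re

# Field order of an IPv4/TCP filterlog entry, matching the log line quoted above.
# The names are labels chosen for this example.
FIELDS = ("rule subrule anchor tracker iface reason action direction ipver "
          "tos ecn ttl id offset ipflags proto_id proto length src dst "
          "sport dport datalen tcpflags seq ack window urg options").split()

# Constructed sample input (not real captures).
SAMPLE_LOG = [
    "May 17 17:27:38 filterlog: 80,,,1492620207,em1,match,block,in,4,0x0,,64,25740,0,DF,6,tcp,60,198.51.100.7,203.0.113.10,4293,5060,0,S,2755131869,,5840,,mss;sackOK;TS;nop;wscale",
    "May 17 17:27:40 filterlog: 81,,,1000000001,em1,match,pass,in,4,0x0,,64,25741,0,DF,6,tcp,60,198.51.100.7,203.0.113.10,4294,443,0,S,2755131900,,5840,,mss;sackOK;TS;nop;wscale",
]
SAMPLE_SOCKSTAT = """USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root nginx 28599 6 tcp4 *:443 *:*
root nginx 28599 8 tcp4 *:80 *:*
unbound unbound 20907 6 tcp4 *:53 *:*
root ntpd 29513 21 udp4 *:123 *:*
"""

def parse_filterlog(line):
    """Return a dict for an IPv4 TCP filterlog line, or None for anything else."""
    m = re.search(r"filterlog(?:\[\d+\])?: (.*)", line)
    if not m:
        return None
    values = [v.strip() for v in m.group(1).split(",")]
    if len(values) < len(FIELDS):
        return None
    rec = dict(zip(FIELDS, values))
    if rec["ipver"] != "4" or rec["proto"] != "tcp" or not rec["dport"].isdigit():
        return None
    rec["dport"] = int(rec["dport"])
    return rec

def tcp_listen_ports(sockstat_text):
    """Set of TCP ports that have a listener in `sockstat -4l` output."""
    ports = set()
    for row in sockstat_text.splitlines():
        cols = row.split()
        if len(cols) >= 7 and cols[4].startswith("tcp"):
            port = cols[5].rsplit(":", 1)[-1]
            if port.isdigit():
                ports.add(int(port))
    return ports

def blocked_without_listener(log_lines, sockstat_text):
    """Blocked inbound SYNs whose destination port has no listener on the firewall."""
    listening = tcp_listen_ports(sockstat_text)
    recs = filter(None, map(parse_filterlog, log_lines))
    return [(r["iface"], r["src"], r["dport"]) for r in recs
            if r["action"] == "block" and r["direction"] == "in"
            and r["tcpflags"] == "S" and r["dport"] not in listening]

if __name__ == "__main__":
    print(blocked_without_listener(SAMPLE_LOG, SAMPLE_SOCKSTAT))
```

A port that appears in this result was dropped by the filter and has no local listener, so a successful connection seen from outside was not completed by the firewall host itself.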