Netgate Discussion Forum

Can pfSense Respond To Port Query?

General pfSense Questions
7 Posts 2 Posters 571 Views
ThePieMonster

      Question
      Can the pfSense appliance be configured to respond to a port query just like another service would?

For example, a Web server would respond to a port query on port 80, just like a DNS server could respond to a port query on 53.

I was wanting to set a custom port (let's say 1234) and, when a port query comes into the firewall, instead of the port being NAT'ed to some other IP the firewall itself would answer the query.

      Reason
The reason for wanting to do this is so I have a way of seeing if the firewall is alive or not from a device on the outside.

johnpoz (LAYER 8 Global Moderator)

If you want to know if the firewall is connected, just enable ping to your WAN.. If you can ping it, it's alive and connected ;)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

ThePieMonster

@johnpoz said in Can pfSense Respond To Port Query?:

> If you want to know if the firewall is connected, just enable ping to your WAN.. If you can ping it, it's alive and connected ;)

I need to be able to see if the firewall is alive or not "from the internet". Think Catchpoint, DNSCheck.co, etc. Ping from the internet really isn't the best option, and I would like something a bit more specific.

johnpoz (LAYER 8 Global Moderator)

Dude, if it's answering ping, it's working... You're way overthinking this... But it's not going to answer on a port unless it's running a service that uses that port... That doesn't check the "firewall" so much as whether the service is up and working; the firewall could be letting everything in, etc..

You're overthinking this.

I monitor ping with StatusCake; I get an SMS when my connection is down...

Answering on some port without doing anything with that port is just nonsense.. You could test if SSH is working, but then you have SSH open to the planet.. You could have your web GUI open; again, stupid. You could have NTP or DNS open; again, not a good idea. etc. etc.

Checking services that you might be hosting to the planet via a port forward works as well.. I also get an SMS text if my Plex server goes down.. I don't know if it's the ISP, the firewall or the Plex server, but I know I need to check on it... If I also don't get a ping check warning, then I know it's mostly just that something happened to the Plex service and not the connection or firewall.

ThePieMonster

              StatusCake.com sounds interesting.

The 2nd firewall is what I'm trying to monitor in this case; however, the first is what would answer pings. It's an annoying setup, but it's what I have to work with.

I thought of the "dummy" port idea because no important service would be running on it and, like you said, I don't want to open up the web GUI and all that to the internet, etc.

[attached image]

johnpoz (LAYER 8 Global Moderator)

For something to answer on a port, there has to be a service listening on said port, though you could port forward something to this 2nd firewall.. I have never heard of a software tool that listens on port X just to test if something is up.. You check if a service is up.

Do any of these VMs provide a service to the public internet that you forward through both your firewalls? Why do you have 2?

You can port forward ICMP through pfSense... Here I just forwarded ICMP through to my PC on 192.168.9.100; you could forward it through to the 2nd pfSense WAN IP.. So you're pinging firewall 2's WAN.

Here is a sniff from my PC showing that the ping got all the way to me, and it answered.
[attached image: ping.png]

If that fails, then either firewall 1 failed, your internet failed, etc., or firewall 2 failed.. If you're monitoring some service running on your VM and that goes down, but your ping does not, then you know it's just your VM and not connectivity, since firewall 2 is still answering ping.

ThePieMonster

                  Thanks for the responses.

                  I realized that I could use the TCP port of the pfSense OpenVPN service on the firewall to accommodate this request of mine. All is good now!
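The thread settles on two checks: a ping against a WAN address, and a TCP connect to a port the firewall itself already answers on (here the OpenVPN TCP port), with johnpoz's rule for reading the two together (no ping means the link or firewall; ping but no service means only the service or its port forward). The following is an added example, not code from the thread, from pfSense or from any monitoring product, that implements that external probe in Python. The ping result is taken as an input boolean, because ICMP needs raw sockets and in practice comes from a monitor such as StatusCake anyway; the loopback listener, host and port values are constructed for the demonstration.

```python
"""Added example: external liveness probe for a firewall-hosted TCP service,
plus the ping/service diagnosis described in the thread. Not pfSense code."""
import socket


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt a full TCP handshake against host:port and classify the outcome.

    'open'        -> handshake completed, so a service is listening there
    'refused'     -> host answered with RST: reachable, but nothing listens
    'timeout'     -> no reply at all: filtered, host down, or path broken
    'unreachable' -> local routing or ICMP error before any handshake
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "unreachable"


def diagnose(ping_ok: bool, service_state: str) -> str:
    """Combine a ping result with the TCP probe the way the thread describes.

    ping_ok is assumed to come from a separate ICMP monitor (e.g. a hosted
    uptime service); this code does not send ICMP itself.
    """
    if not ping_ok:
        # Nothing answers at the network layer: link, ISP or firewall problem.
        return "connectivity-or-firewall-down"
    if service_state == "open":
        return "all-up"
    # The box answers ping but the monitored port does not: the service (or
    # its port forward) is the problem, not the connection.
    return "service-down-link-up"


def demo_states() -> dict:
    """Run the probe against a constructed loopback listener (standing in for
    the firewall's OpenVPN TCP port) and then against the same port once the
    listener is gone, returning probe results and the resulting diagnoses."""
    # Constructed stand-in service: a listening socket on a free loopback port.
    # The kernel completes the handshake from the listen backlog, so no accept()
    # loop is needed for create_connection() to succeed.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]
    try:
        open_state = probe_tcp("127.0.0.1", port)
    finally:
        srv.close()
    # With the listener closed, a new SYN to that port is answered with RST.
    closed_state = probe_tcp("127.0.0.1", port)
    return {
        "open": open_state,
        "closed": closed_state,
        "diag_open": diagnose(True, open_state),
        "diag_closed": diagnose(True, closed_state),
        "diag_noping": diagnose(False, closed_state),
    }


if __name__ == "__main__":
    for name, value in demo_states().items():
        print(f"{name}: {value}")
```

The probe only completes the handshake and closes; it never speaks the OpenVPN protocol, which is enough to show the listener is alive without exposing anything beyond the port the firewall already publishes. Against a real WAN address, replace the loopback listener with the firewall's public IP and the OpenVPN TCP port, and feed `diagnose()` the ping status from whatever ICMP monitor is already in place.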

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.