Can pfSense Respond To Port Query?



  • Question
    Can the pfSense appliance be configured to respond to a port query just like another service would?

    For example, a web server would respond to a port query on port 80 just like a DNS server could respond to a port query on 53.

    I was wanting to set a custom port (let's say 1234) and when a port query comes into the firewall, instead of the port being NAT'ed to some other IP the firewall itself would answer the query.

    Reason
    Reason for wanting to do this is so I had a way of seeing if the firewall was alive or not from a device on the outside.


  • LAYER 8 Global Moderator

    If you want to know if the firewall is connected - just enable ping to your wan.. If you can ping it - it's alive and connected ;)



  • @johnpoz said in Can pfSense Respond To Port Query?:

    If you want to know if the firewall is connected - just enable ping to your wan.. If you can ping it - it's alive and connected ;)

    Need to be able to see if the firewall is alive or not "from the internet". Think Catchpoint, DNSCheck.co, etc. Ping from internet really isn't the best option and would like something a bit more specific.


  • LAYER 8 Global Moderator

    Dude if it's answering ping - it's working... You're way overthinking this... But it's not going to answer to a port, unless it's running a service that uses that port... That doesn't check the "firewall" so much as the service is up and working - the firewall could be letting everything in, etc..

    You're overthinking this

    I monitor ping with status cake - I get an sms when my connection is down...

    Answering to some port without doing anything with that port is just nonsense.. You could test if ssh is working, but then you have ssh open to the planet.. You could have your web gui open - again stupid. You could have ntp or dns open, again not a good idea. etc. etc.

    Checking services that you might be hosting to the planet via a port forward works as well.. I also get an sms text if my plex server goes down.. Don't know if it's the isp, the firewall or the plex server. But I know I need to check on it... If I also don't get ping check warning - then I know it's mostly just that something happened to the plex service and not the connection or firewall.



  • StatusCake.com sounds interesting.

    The 2nd firewall is what I'm trying to monitor in this case however, the first is what would answer pings. It's an annoying setup but it's what I have to work with.

    Thought of the "dummy" port idea cause no important service would be running on it and like you said don't want to open up web gui and all that to the internet, etc.



  • LAYER 8 Global Moderator

    For something to answer a port.. There has to be a service listening on said port, while you could port forward something to this 2nd firewall.. I have never heard of a software tool to listen on port X, just to test if something is up.. You check if a service is up.

    Do any of these vms provide service to the public internet? That you forward through both your firewalls... Why do you have 2?

    You can port forward icmp through pfsense... Here I just forwarded icmp through to my pc on 192.168.9.100, you could forward through to the 2nd pfsense wan IP.. So you're pinging firewall 2 wan.

    Here is a sniff from my pc showing that ping got all the way to me, and it answered.

    If that fails, then either firewall 1 failed, your internet failed, etc. Or firewall 2 failed.. If you're monitoring some service running on your VM. And that goes down, but your ping does not.. Then you know it's just your VM and not connectivity.. Since firewall 2 is still answering ping.



  • Thanks for the responses.

    I realized that I could use the TCP port of the pfSense OpenVPN service on the firewall to accommodate this request of mine. All is good now!
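
The monitoring side of the approach the thread ends on (a TCP connect check against a port where a service is already listening), as an added example that is not part of any post above. The function names `probe_tcp` and `firewall_status` are hypothetical, and the demo uses a constructed loopback listener in place of the real service port.

```python
import socket
import time

def probe_tcp(host, port, timeout=3.0):
    """Classify a single TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "refused"          # RST came back: host reachable, no listener
    except socket.timeout:
        return "timeout"          # no answer: packets dropped, or the path is down
    except OSError:
        return "unreachable"      # routing or name-resolution failure

def firewall_status(host, port, attempts=3, delay=1.0, timeout=3.0):
    """Return ("up" | "down", results); retry so one lost SYN does not alert."""
    results = []
    for i in range(attempts):
        result = probe_tcp(host, port, timeout)
        results.append(result)
        if result == "open":
            return "up", results
        if i < attempts - 1:
            time.sleep(delay)
    return "down", results

if __name__ == "__main__":
    # Constructed demo: a throwaway loopback listener stands in for the
    # service port exposed on the monitored firewall.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(firewall_status("127.0.0.1", port))
    listener.close()
    print(firewall_status("127.0.0.1", port, attempts=2, delay=0.1))
```

Only "open" counts as up: "refused" means something on the path answered but no service is listening on that port, and "timeout" cannot distinguish a dropped packet from a dead link.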

