External scan not showing 443 open port


  • Hey all

    Moved our cloud servers behind a pfSense firewall. I have created two rules: one forwarding HTTP port 80 to the internal address, and a second rule for HTTPS port 445. Some of the websites now load really slowly.

    We also had a port scan done today and the only port that is open is port 80.

    I have gone over the rules and they are both the same.

    I also can't access my websites internally from the IIS server unless I edit the local hosts file and add the domain in there.

    Have I set up something wrong?

  • LAYER 8 Global Moderator

    @creation2 said in External scan not showing 443 open port:

    https Port 445

    Do you mean 443 or 445? Your title says 443, but your post says 445? Typo?

    If 443 or 445 wasn't open and that was the port your website was using - how would it load at all?

    A device behind pfSense trying to hit the pfSense WAN IP to be forwarded back in would mean you need to set up NAT reflection for such access.

    Keep in mind that if you did do 445, this is quite often blocked because this is the MS file sharing port.

    Are you running OpenVPN on TCP 443 and trying to use the port sharing feature? This can be slow if not done correctly.


  • @johnpoz

    Yes, sorry, typo: port 443. Yes, it's strange that you can access it externally but the port scanner can't see that port open.

    What do you think would cause the websites to be loading slowly behind pfSense? This issue has only happened since moving to pfSense.

    pfSense is hosted on a dedicated server; it's not down to RAM / CPU or bandwidth.

    Thanks

  • LAYER 8 Global Moderator

    If the port wasn't open then you wouldn't be able to access it at all. Do a sniff on pfSense when you do your port scan. Do you have more than 1 WAN? Are you running a reverse proxy on pfSense?

    I take it these sites are public - you want to post one up so we can see what you mean by slow, etc. If you don't want to post it, PM me the site and I will do some testing from here.