Open ports and slow speeds when LAN interface is disabled
-
Hi all,
A couple weeks ago I dove into learning VLANs and spent a weekend segmenting my home network. I got everything working as intended, it seemed.
I've noticed lately that my download speed was severely limited. It is normally 400+ Mbps, but has been anywhere from 10-20 Mbps. I decided to check my pfSense system logs and something else caught my eye: a constant stream of SSH brute-force attacks on my WAN IP.
To my surprise, ports 22, 53, 80, and 443 were wide open. I could even access my pfSense management interface from my phone on data. I couldn't figure out why this occurred, since I have absolutely no WAN rules (other than default blocks) and no port forwarding/NAT configuration. The only allow rules were configured on my VLAN subnets.
After messing around for a while I re-enabled my LAN interface, since I had disabled it after I got my OPT interfaces working. Lo and behold, no more open ports, and a speed test shows my download/upload back to full capacity.
I still don't understand how this could occur. I don't have any rules on the LAN interface either, other than the default rules. And I'm really unsure about how this crippled my network speeds. The VLANs are linked to the LAN interface here - could this be related? Just trying to understand what was going on there.
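The "constant stream of SSH brute-force attacks" in the system log is the clearest evidence in this post that sshd was reachable from the WAN. The following is an added example, not code from the thread or from pfSense, that parses sshd lines in the syslog format pfSense writes and reports (a) source addresses that fall outside the home's own subnets, which means the daemon was reachable from outside, and (b) sources with repeated failures. The log lines are constructed samples, and the internal subnets 192.168.24.0/24 and 192.168.103.0/24 are assumptions based on the VLAN 24 / VLAN 103 numbering mentioned later in the thread.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample lines in the syslog format pfSense's sshd uses in the system log.
SAMPLE_LOG = """\
Oct 12 03:14:22 pfSense sshd[12345]: Invalid user admin from 203.0.113.45 port 51234
Oct 12 03:14:25 pfSense sshd[12345]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Oct 12 03:14:29 pfSense sshd[12347]: Failed password for invalid user admin from 203.0.113.45 port 51240 ssh2
Oct 12 03:15:01 pfSense sshd[12350]: Failed password for root from 198.51.100.7 port 40011 ssh2
Oct 12 03:15:03 pfSense sshd[12350]: Failed password for root from 198.51.100.7 port 40011 ssh2
Oct 12 03:16:40 pfSense sshd[12360]: Accepted publickey for admin from 192.168.24.10 port 50000 ssh2
Oct 12 03:17:02 pfSense sshd[12361]: Failed password for admin from 192.168.24.10 port 50002 ssh2
Oct 12 03:17:10 pfSense dhcpd: DHCPACK on 192.168.24.50 to 00:0c:29:aa:bb:cc via vmx1.24
"""

# Assumed internal subnets (hypothetical; substitute the real VLAN subnets).
INTERNAL_NETS = [
    ipaddress.ip_network("192.168.24.0/24"),
    ipaddress.ip_network("192.168.103.0/24"),
]

# Only "Failed password" lines are counted, so an "Invalid user" line followed by
# its "Failed password for invalid user" line is not counted twice.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def parse_failed_logins(log_text):
    """Return one (user, source_ip) tuple per failed sshd password attempt."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append((m.group("user"), m.group("ip")))
    return events


def failures_by_source(log_text):
    """Count failed attempts per source IP."""
    return Counter(ip for _, ip in parse_failed_logins(log_text))


def is_internal(ip_str):
    """True if the address belongs to one of the configured internal subnets."""
    addr = ipaddress.ip_address(ip_str)
    return any(addr in net for net in INTERNAL_NETS)


def external_sources(log_text):
    """Sources outside the internal subnets: any hit means sshd was reachable from the WAN."""
    return sorted(ip for ip in failures_by_source(log_text) if not is_internal(ip))


def repeat_offenders(log_text, threshold=2):
    """Sources with at least `threshold` failed attempts (brute-force candidates)."""
    counts = failures_by_source(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in failures_by_source(SAMPLE_LOG).most_common():
        where = "internal" if is_internal(ip) else "EXTERNAL"
        print(f"{ip:16} {n:3} failed  ({where})")
    print("reachable from outside:", external_sources(SAMPLE_LOG))
    print("repeat offenders:", repeat_offenders(SAMPLE_LOG))
```

Run against a real export of the system log (Status > System Logs, or `clog /var/log/system.log` on the box, both real pfSense locations), any address in `external_sources()` confirms the exposure independently of what the rule set appears to say; with the default WAN block rules in place and no NAT, that list should be empty.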
-
The only thing that makes sense in my mind is that you somehow have short-circuited (in L2 VLAN) or mixed up LAN (which allows access to the firewall) and WAN (which by default does not).
/Bingo
-
Definitely something not right.
I have pfSense as a virtual machine running on an ESXi hypervisor. With the LAN interface re-enabled, as mentioned earlier, I no longer get the strange behavior. But now I cannot access the management IP of my hypervisor, which is on the same subnet as my PC. Can't ping it from pfSense either. It's supposed to be getting a static DHCP lease.
On my switch/wireless AP, all ethernet ports are on a single VLAN with the exception of the trunk port, going into the hypervisor.
Pretty straightforward interface assignment:
Physically, vmx1 is the port going to the switch, and vmx0 is going to the modem out to WAN. In ESXi I have one virtual switch for LAN and one for WAN. The WAN side is pretty straightforward, one port group and no VLAN tagging, assigned to the vmx0 interface. On the LAN vSwitch I have 3 port groups; one trunk (tagged 4095 as this is a special number to ESXi), one for VLAN 24 and the Management port group tagged VLAN 103. The port group tagged 4095 is assigned to the pfSense VM's LAN interface.
Any thoughts on my mistake here would be appreciated. I suppose this thread would be better placed in L2/Switching/VLANs.
EDIT: Well, fixed my issue with accessing the ESXi management interface. Looked at the local console and it was complaining about not getting a DHCP lease. This is probably due to me accidentally disabling the DHCP client... In any case, I just gave it a static IP.