Ports visible to the world behind Netgate appliance
-
Hi all,
I get great comfort knowing I have my network hidden behind a Netgate 2100 and pfSense+, especially with IoT devices where there's just no way to know when they were last updated, and if they have any vulnerabilities.
When I do a GRC port scan, though, two ports (it looks like 89 and 90) are visible, reported as closed. Previously the entire network showed as stealth. Does anybody have any advice for me on this, or on anything that could be changed in pfSense to stop these ports reporting?
I'm on Starlink if it's relevant and helpful. Thanks all.
-
I really want you to do the very same test using the your 2100 device on another site.
If possible, not a Starlink site.
What you can do right now:
Remove your PC from pfSense (LAN port).
Remove pfSense from the Starlink 'box'
Attach PC to Starlink box.
=> !! Set the PC network to Public - not Private !! as a Windows PC has a lot of open ports when using Private networking.
My PC is French; select this one:
Do the test again.
Btw : I presume you have no WAN firewall rules
-
@Gertjan Did that, got a different result: the ports that were visible before are now in stealth. So it's definitely the Netgate allowing them to show as closed.
And no, I don't have any firewall rules set with the exception of having my VPN configured in the Netgate.
Many thanks,
Mike
-
@Gertjan Okay, so I've plugged the Netgate back in and suddenly it's passed the test! I ran it three times just to be sure.
The second and third time though a different port was showing as closed.
What could have caused that do you think?
-
Reconnect pfSense.
Reconnect PC on pfSense LAN.
Open the pfSense console (also good: ssh) and use menu option 8.
Execute these two:
sockstat -4 | grep ':89'
sockstat -4 | grep ':90'
Any hits ?
and
sockstat -4
to see every process, and ports & protocols (TCP or UDP) used.
Btw : be assured : A pfSense just installed is 100 % 'stealth' on its WAN interface == doesn't reply to any request whatsoever.
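As an added example (not code from the thread or from pfSense itself): a small filter for the `sockstat -4` output the post asks for. A plain `grep ':89'` also matches a local port like `:8900` and the FOREIGN ADDRESS column, so the function below uses awk to compare the port of the LOCAL ADDRESS column exactly. The sockstat sample embedded here is constructed for the example; the process names, PIDs and addresses in it are invented, and the `100.64.0.2:8900` / `1.1.1.1:89` line exists only to show the false positive.

```shell
#!/bin/sh
# Added example, not from the forum thread. Filters `sockstat -4` output
# (FreeBSD/pfSense) for sockets whose LOCAL ADDRESS port matches exactly.
#
# sockstat -4 prints these columns:
#   USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
# The sample below is constructed for this example; it is not real output.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       1234  4  tcp4   *:22                  *:*
root     nginx      2345  6  tcp4   *:443                 *:*
root     nginx      2345  7  tcp4   *:80                  *:*
unbound  unbound    3456  5  udp4   192.168.1.1:53        *:*
root     dpinger    4567  3  udp4   100.64.0.2:8900       1.1.1.1:89
root     php-fpm    5678  8  tcp4   127.0.0.1:90          *:*'

# naive_grep_count PORT: what `sockstat -4 | grep ':PORT'` effectively does.
# Matches any column containing ":PORT", so ':89' also hits ':8900' and a
# remote peer on port 89. Reads sockstat output on stdin, prints a count.
naive_grep_count() {
    grep -c ":$1"
}

# listeners_on PORT: print "PROTO LOCAL_ADDRESS COMMAND PID" for every socket
# whose LOCAL ADDRESS port is exactly PORT. Reads sockstat output on stdin.
# Column 6 is LOCAL ADDRESS (addr:port); the last ':'-separated field is the port.
listeners_on() {
    awk -v port="$1" '
        NR == 1 { next }                       # skip the header line
        {
            n = split($6, a, ":")
            if (a[n] == port) print $5, $6, $2, $3
        }'
}

# Stand-alone demonstration on the constructed sample.
echo "naive grep for :89 matches $(printf '%s\n' "$SAMPLE_SOCKSTAT" | naive_grep_count 89) line(s)"
echo "exact listeners on port 89:"
printf '%s\n' "$SAMPLE_SOCKSTAT" | listeners_on 89
echo "exact listeners on port 90:"
printf '%s\n' "$SAMPLE_SOCKSTAT" | listeners_on 90
```

On a real box, run `sockstat -4 | listeners_on 89` (and `sockstat -6 ...` for IPv6) from the pfSense shell. A hit bound to `*:PORT` or to the WAN address is a daemon that can answer on the WAN; a hit bound to `127.0.0.1` cannot be what an external scan sees, and no hit at all means nothing on pfSense itself is listening there.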
-
@Gertjan Gotta be honest, I'm not sure how to do that. I got into the console and chose option 8 (Shell) and 12 (PHP Shell + Netgate pfSense Plus Tools) but nothing happened with your commands. Sorry, I'm a UI kinda guy.
Mike
-
@Gertjan And now it's cooperating again suddenly, did several tests. Perhaps it was a blip?! Is there something I can set in the firewall though for extra peace of mind?
Thanks for your help
-
@MikeHalsey said in Ports visible to the world behind Netgate appliance:
I got into the console and chose option 8 (Shell)
You saw the menu :
Type 8 + enter and you have 'full control'.
Then you type (copy-paste) the commands I've shown above.
Btw : not really needed now, but keep in mind that the GUI is just a (several !) layers above the 'real' stuff.
Even the command line is a layer, but you can use commands that can tell you everything about the system.
The golden rule applies : if all goes well, you don't need (to access) it.