Netgate Discussion Forum

Firewall not blocking port access?

Category: IDS/IPS
4 Posts, 3 Posters, 382 Views
    xokia, Apr 11, 2024, 2:53 AM

    The only port forwarding I have open is to 192.168.3.12; I do have port 80 and port 443 forwarded to 192.168.3.12. What I am not understanding is how am I even seeing anything going to 192.168.3.2? I would think the firewall would block that? I have nothing at 192.168.3.2.

    [attached image: 8bf41701-daf9-44b4-a622-06fa43cfb8ea-image.png]

      SteveITS (Galactic Empire) @xokia, Apr 11, 2024, 3:40 AM

      @xokia Those would be responses from the web server to that device.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.

        bmeeks, Apr 11, 2024, 5:58 PM (last edited by bmeeks Apr 11, 2024, 6:00 PM)

        Where do you have Suricata running: WAN or LAN interface?

        If WAN, Suricata sits out in front of the firewall and thus sees inbound traffic before any firewall rules have been applied. This is one reason I recommend running Suricata on internal interfaces and not on the WAN. It will be checking and blocking traffic the subsequent firewall rules are going to block anyway, so you are doing double work for no benefit. Check out these diagrams to see how Suricata is plumbed in pfSense:

        [diagram: ids-ips-network-flow-legacy-mode.png]
        [diagram: ids-ips-network-flow-ips-mode.png]

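As an added example, not code from this thread or from pfSense, Suricata or Snort: a small Python triage script that applies the two explanations above to constructed eve.json alert lines. It labels traffic leaving the forwarded server's service port toward a LAN host as the server's reply (SteveITS's point), and flags alerts a WAN-side sensor raised on packets the firewall rules would drop anyway, which is the double work bmeeks describes. The WAN rule set (only the forwarded ports pass, default deny), the interface names, the sample addresses and the log lines are all assumptions made for the example.

```python
"""Triage IDS alerts by sensor position and by what the firewall would do.

Added example for this thread; not pfSense, Suricata or Snort code.
Assumptions (hypothetical): a WAN-side sensor sees packets before NAT and
before any firewall rule; a LAN-side sensor sees only traffic that already
passed the firewall, including replies from a port-forwarded server.
"""
import ipaddress
import json
from collections import Counter

# Constructed topology taken from the thread: one LAN, two port forwards.
LAN_NET = ipaddress.ip_network("192.168.3.0/24")
FORWARDED = {("192.168.3.12", 80), ("192.168.3.12", 443)}

# Hypothetical WAN policy: only the forwarded ports are passed inbound,
# everything else is dropped (default deny).
WAN_ALLOWED_DEST_PORTS = {port for _, port in FORWARDED}


def wan_would_pass(event):
    """Would the hypothetical WAN rule set pass this inbound packet?

    On the WAN the sensor sees the packet before NAT, so the destination
    address is still the WAN address; the policy is matched on port only.
    """
    return event["proto"] == "TCP" and event["dest_port"] in WAN_ALLOWED_DEST_PORTS


def classify(event):
    """Label one alert by what the sensor position means for it."""
    src = (event["src_ip"], event["src_port"])
    dst_in_lan = ipaddress.ip_address(event["dest_ip"]) in LAN_NET
    if src in FORWARDED and dst_in_lan:
        # Traffic *from* the forwarded server's service port to a LAN host
        # is the server answering that host, not an inbound connection.
        return "reply-from-forwarded-server"
    if event["in_iface"] == "WAN":
        # A WAN-side sensor inspects everything, including packets the
        # firewall is about to drop anyway.
        return "wan-allowed" if wan_would_pass(event) else "wan-firewall-drops-anyway"
    return "lan-traffic"


def triage(eve_lines):
    """Count alerts per label from eve.json lines (one JSON object per line)."""
    counts = Counter()
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("event_type") != "alert":
            continue  # flow/stats records carry no signature; skip them
        counts[classify(event)] += 1
    return dict(counts)


# Constructed sample records (not real logs); the WAN address and the
# remote host use documentation address ranges.
SAMPLE_EVE = """
{"event_type":"alert","in_iface":"WAN","proto":"TCP","src_ip":"203.0.113.7","src_port":51000,"dest_ip":"198.51.100.20","dest_port":23,"alert":{"signature":"constructed telnet probe"}}
{"event_type":"alert","in_iface":"WAN","proto":"TCP","src_ip":"203.0.113.7","src_port":51001,"dest_ip":"198.51.100.20","dest_port":443,"alert":{"signature":"constructed https scan"}}
{"event_type":"alert","in_iface":"LAN","proto":"TCP","src_ip":"192.168.3.12","src_port":443,"dest_ip":"192.168.3.2","dest_port":49123,"alert":{"signature":"constructed reply"}}
{"event_type":"alert","in_iface":"LAN","proto":"TCP","src_ip":"192.168.3.2","src_port":50000,"dest_ip":"192.168.3.12","dest_port":443,"alert":{"signature":"constructed request"}}
{"event_type":"flow","in_iface":"LAN","proto":"TCP","src_ip":"192.168.3.2","src_port":50001,"dest_ip":"192.168.3.12","dest_port":80}
""".strip().splitlines()

if __name__ == "__main__":
    for label, n in sorted(triage(SAMPLE_EVE).items()):
        print(f"{label}: {n}")
```

Run against a real eve.json, the "wan-firewall-drops-anyway" count is a direct measure of the wasted inspection bmeeks warns about, and any "reply-from-forwarded-server" hits to an address you believe is unused are the first thing to check before treating an alert as an inbound connection.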
          xokia @bmeeks, Apr 14, 2024, 1:45 AM

          @bmeeks

          I have Snort running on my local LAN.

          This is actually a durp moment. I had assigned a static IP to my local desktop because I was accessing a new managed switch I purchased to set the switch up for my network. I forgot to switch the desktop IP back. So while I was saying nothing existed at 192.168.3.2, it was actually the machine I was using to access everything. So, false alarm.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.