HELP! Webport 80 open!! PFSense login publicly accessible
-
I am not sure how I got into this situation, but if I type my ip address:80 into my browser I land on my pfsense login page. I checked with nord vpn on my phone and still I can access it.
I'm not aware of doing anything to enable this, but I ran GRC's Port Authority against my IP and found this out.
As I say, I didn't do this, or knowingly do this.
Can anyone advise me how to block this port on the WAN? It's an obviously huge security error on my part.
I just recently moved to fibre with a static, publicly accessible IPv4 address; I was behind Starlink CGNAT before. For the moment I have disabled the fibre and am back on Starlink.
-
@IanMcLeish you did check from outside of your LAN?
Can you show the WAN and Floating firewall rules, plus what version of pfSense you are using?
-
@patient0 I checked on my work computer using Chrome Remote Desktop, and on my phone using a VPN, with wifi off. So it is.
But as per your suggestion, floating rules were all to do with pfBlockerNG GeoIP restrictions. I disabled pfBlockerNG, no difference, but now I know what I did!
When I set up my new fibre interface - I used another ethernet port rather than disconnecting Starlink - I was spooked by the
'No rules are currently defined for this interface. All incoming connections on this interface will be blocked until pass rules are added. Click the button to add a new rule.'
And I stupidly added a pass rule to any on any protocol on the fibre link. I stupidly thought that the link would work without passing stuff.
I'm gonna turn off Starlink and default my Gateway back to the fibre.
Thanks for your suggestions. I am not a newbie to pfSense, but I did kind of set it and forget it a couple of years ago, so I am not too skilled at this. Maybe I should have gone with something more simple, but I needed something instead of the Starlink router.
Yes, my own stupid fault - I got confused about 'all incoming connections will be blocked', which I took to mean it wouldn't work. Deleting that one rule means a true stealth score on ShieldsUP, and no longer opening my pfSense to everybody. What an idiot!
Idiots sometimes need a push in the right direction, thank you for the push, patient0.
Ian
I would rather just delete this and not look like such an idiot, but maybe someone else will learn from my stupidity.
-
@IanMcLeish you're quite hard on yourself, happens to the best of us. And you're checking your firewall from the outside, so you're doing the right thing and helped fix the issue.
'All incoming connections on this interface will be blocked until pass rules are added. Click the button to add a new rule.'
It took me a while to internalize that 'in' means into the router from the interface I'm looking at. After that it does make sense that for LAN -> WAN outgoing traffic there are no rules needed on WAN (for stateful traffic).
-
@patient0 Thanks for your help, believe me I looked and looked for a long time before I asked!
Only when I found the rule, well, when I deleted it, did I recall making that booboo.
Thanks again for the help! Very much appreciated!
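
As an added example that is not part of the thread and not pfSense's own code: a Python check that scans the filter rules of a pfSense config.xml backup for the mistake found above, an enabled pass rule on a WAN-side interface with any protocol, any source and any destination. The element names are an assumption about the config.xml layout, the sample config is constructed, and opt1 is a hypothetical internal name for the new fibre interface.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the <filter> section of a pfSense config.xml.
# Element names are an assumption about that layout; opt1 is the new fibre WAN.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule>
      <type>pass</type><interface>opt1</interface><ipprotocol>inet</ipprotocol>
      <source><any/></source><destination><any/></destination>
      <descr>added when the interface showed no rules</descr>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface><ipprotocol>inet</ipprotocol>
      <source><network>lan</network></source><destination><any/></destination>
      <descr>Default allow LAN to any rule</descr>
    </rule>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>udp</protocol>
      <source><any/></source>
      <destination><network>wanip</network><port>51820</port></destination>
      <descr>VPN</descr>
    </rule>
  </filter>
</pfsense>"""


def open_wan_rules(config_xml, wan_interfaces):
    """Return descriptions of enabled pass rules on a WAN-side interface
    that accept any protocol from any source to any destination."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        ifaces = set((rule.findtext("interface") or "").split(","))
        if rule.findtext("type") != "pass" or rule.find("disabled") is not None:
            continue
        if not ifaces & set(wan_interfaces):
            continue
        any_proto = rule.find("protocol") is None  # no <protocol> means "any"
        any_src = rule.find("source/any") is not None
        any_dst = rule.find("destination/any") is not None
        if any_proto and any_src and any_dst:
            findings.append(rule.findtext("descr") or "(no description)")
    return findings


if __name__ == "__main__":
    for descr in open_wan_rules(SAMPLE_CONFIG, {"wan", "opt1"}):
        print("any/any pass rule on WAN-side interface:", descr)
```

The LAN rule is not reported because only the interfaces passed in as WAN-side are checked, and the VPN rule is not reported because it is limited to one protocol and one destination port.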