Some ports show up as open?
Just did a scan from inside my network to my dyndns adress (which is not really a perfect way but I don't have an external shell).
21/tcp open ftp?
53/tcp open domain ISC Bind dnsmsq-2.22
80/tcp open http (this one is ok since it's my webserver in the DMZ)
443/tcp open ssl/http
Why are these other three ports open? Is the admin portion of pfense open from the outside?
You really should scan from external. Half of these items are actually redirects from the lan and back.
The best : http://grc.com !!
Go to the test right here : https://www.grc.com/x/ne.dll?bh0bkyd2 : click Proceed and do a All Service port scan.
You'll have all the answers right away.
21 is the ftp proxy
53 is the dns forwarder
80 is your nat reflection as you said
443 is most likely the webgui (running it as https?)
It's ok if these appear open from the inside but they will show up blocked from external (besides the port 80).
My port 21 shows up as open also from the outside even though it isn't. I also have the tried checking and unchecking the ftp userland proxy in the interface and it doesn't seem to change it.
I would really like port 21 to not show open.
Be sure to not test this from behind a pfSense firewall. It will redirect outgoing requests to port 21 which will false and make it look like the destination ip 21 is open, but its not.
Btw, if you scan this from behind another pfsense that has the ftp proxy enabled at LAN you see ftp open on ANY site you scan. This is due to the way that the ftphelper works.
Cool, you were right on this one. I checked from home and it was ok. I was checking from my secondary location… but I use pfsense there also. Thanks for the reminder.