Shields Up test reports half of my service ports are OPEN!



  • Hi, I'm new here so sorry if this is posted in the wrong section or something, but I recently installed pfsense with my Verizon Fiber Optics router and put my pfsense box in a different subnet than the verizon router and put the pfsense in DMZ mode on the Verizon Router. I have forwarded ports 53, 80, and 8000 for my web server and I am running the pfsense webUI on port 8080. My question is however, when I run the "All Service Ports" Shields Up test from Gibson Research, it reports half of my ports are OPEN. I don't even want to turn my server on, considering the samba port is open (I think my ISP blocks that anyways), but is there any rules or changes I need to make within pfsense to ONLY allow ports that I forward inside?

    Extra Details: I also have UPnP enabled and have the Squid proxy installed

    Can anyone help me? I don't feel very secure right now  :-[ I also attached a screenshot so you can see which ports are open.

    Thanks!
    ![Screen shot 2010-09-23 at 9.13.19 PM.png](/public/imported_attachments/1/Screen shot 2010-09-23 at 9.13.19 PM.png)
    ![Screen shot 2010-09-23 at 9.13.19 PM.png_thumb](/public/imported_attachments/1/Screen shot 2010-09-23 at 9.13.19 PM.png_thumb)



  • Are you sure you're not scanning the VZ router?



  • Make sure the IP address reported by grc.com matches the IP address assigned to WAN interface on pfSense. If that's not the case then you're not testing pfSense's filtering but something else.



  • Sorry guys, I tried another website to test my firewall and it said all my ports were stealth except for the ones I am allowing for my server! Thanks.



  • I would still try to figure out why grc.com reported your ports open, usually grc.com is the most trustworthy service for checking open ports on your firewall.


Log in to reply