Major security problem
-
I am running:
2.0-BETA4 (i386)
built on Wed Nov 3 04:00:38 EDT 2010
FreeBSD 8.1-RELEASE-p1
I just had a quick look through my logs and I noticed a lot of attempted SSH connections and auto blocking kicking in.
Upon further investigation my HTTPS admin interface is also available on the WAN interface (tested using a 3G device)!
I have no rules to allow this and was under the impression they were blocked by default! http://doc.pfsense.org/index.php/How_can_I_access_the_webGUI_from_the_WAN%3F
My uptime is 5 days. I did not notice any of these connection attempts in the first couple of days, making me wonder if something is failing then allowing this through?
These are the only WAN rules I have:
Proto Source Port Destination Port Gateway Queue Schedule Description
RFC 1918 networks * * * * * Block private networks
Reserved/not assigned by IANA * * * * * * Block bogon networks
TCP * * 192.168.10.6 7244 * none NAT Webmail In
TCP/UDP * * 192.168.10.6 4342 * none NAT Utorrent Wan1
Any ideas?
-
-
Just rebooted and still accessible from WAN :(
-
I found the issue:
As I have multiple WAN connections, I have a routing group set up called WANS:
Group Name Gateways Priority
WANS WANGW Tier 1
GW_OPT1 Tier 1
I was under the impression this was used for outbound routing; I have a LAN rule set to allow traffic out to this gateway group.
The WANS gateway group then has this rule:
Proto Source Port Destination Port Gateway Queue Schedule Description
* * * * * WANS none Default allow LAN to any rule
I thought this was the correct way to set this up?
Or am I being a noob? :D
-
I think this may be some sort of bug.
I believe it was because I called the gateway group WANS which is possibly a reserved/special name????
Because when I added that I got an extra firewall tab (see screen shot attached), I thought that was the way it worked and added the rule that has been causing this issue (since deleted).
-
Only your config.xml can tell.
-
Relevant config bits, if you need any others let me know:
GW Groups:
<gateway_group>
  <name>WANS</name>
  WANGW|1
  GW_OPT1|1
  <trigger>down</trigger>
</gateway_group>
<gateway_group>
  <name>PreferWAN2</name>
  WANGW|5
  GW_OPT1|1
  <trigger>down</trigger>
</gateway_group>
<ppps/>
<ifgroups>
  <ifgroupentry>
    <members>wan</members>
    <descr>]]></descr>
    <ifname>WANS</ifname>
  </ifgroupentry>
</ifgroups>
This was the offending rule:
<rule>
  <id/>
  <type>pass</type>
  <interface>WANS</interface>
  <tag/>
  <tagged/>
  <max/>
  <max-src-nodes/>
  <max-src-conn/>
  <max-src-states/>
  <statetimeout/>
  <statetype>keep state</statetype>
  <os/>
  <source><any/></source>
  <destination><any/></destination>
  <descr>]]></descr>
  <gateway>WANS</gateway>
</rule>
-
I think this is a case of me being a noob and misconfiguring, confusing IF groups with routing groups!
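The misconfiguration described in this thread can be checked for mechanically. The script below is an added example, not code from the thread or from pfSense: it flags pass rules with source any and destination any on a WAN interface or on an interface group that has a WAN member. The `<pfsense>`/`<filter>` wrappers, the whitespace-separated `<members>` list, and the function names are assumptions, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragments quoted in the thread; the
# <pfsense>/<filter> wrappers and the second (LAN) rule are assumptions.
SAMPLE_CONFIG = """
<pfsense>
  <ifgroups>
    <ifgroupentry><members>wan</members><ifname>WANS</ifname></ifgroupentry>
  </ifgroups>
  <filter>
    <rule>
      <type>pass</type><interface>WANS</interface>
      <source><any/></source><destination><any/></destination>
      <gateway>WANS</gateway>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface>
      <source><any/></source><destination><any/></destination>
      <gateway>WANS</gateway>
    </rule>
  </filter>
</pfsense>
"""

def wan_facing_names(root, wan_ifs=("wan",)):
    """Return WAN interface names plus every interface group containing one."""
    names = set(wan_ifs)
    for entry in root.iter("ifgroupentry"):
        members = (entry.findtext("members") or "").split()
        if names.intersection(members):
            names.add(entry.findtext("ifname"))
    return names

def find_exposed_rules(config_xml, wan_ifs=("wan",)):
    """List pass rules with source any and destination any on WAN-facing names."""
    root = ET.fromstring(config_xml)
    exposed = wan_facing_names(root, wan_ifs)
    findings = []
    for rule in root.iter("rule"):
        iface = rule.findtext("interface")
        any_to_any = (rule.find("source/any") is not None
                      and rule.find("destination/any") is not None)
        if rule.findtext("type") == "pass" and iface in exposed and any_to_any:
            findings.append((iface, rule.findtext("gateway")))
    return findings

if __name__ == "__main__":
    for iface, gw in find_exposed_rules(SAMPLE_CONFIG):
        print(f"pass any->any on WAN-facing '{iface}' (gateway {gw})")
```

The LAN rule that routes out through the WANS gateway group is not flagged; only the rule bound to the WANS interface group is, which is the distinction the thread ends on.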