Questions regarding port 80 & 53 being open when not displayed in wan rules?

Firewalling
Log in to reply
  • N

    My current firewall for the wan only has ports open for openvpn.  I did a slow nmap scan and it showed ports 53 and 80 are open to my public IP.  I then could connect to 80 via ncat.  Are those open by default on pfsense and just not displayed in the firewall rules or do you think my ISP cable modem has them open?

    [root@linux nmap-6.00]# ./nmap -T 1 -PN -n -sS -p 1-1024 9*...***

    Starting Nmap 6.00 ( http://nmap.org ) at 2013-03-11 16:36 EDT
    Nmap scan report for 9*...***
    Host is up (0.0057s latency).
    Not shown: 618 filtered ports, 404 closed ports
    PORT  STATE SERVICE
    53/tcp open  domain
    80/tcp open  http

    Nmap done: 1 IP address (1 host up) scanned in 27092.88 seconds
    [root@linux nmap-6.00]#

    0
  • P

    That is interesting. Mine shows port 53 as filtered, but http open. When I try to browse, it doesn't load anything. I am guessing that this is a function of the redirect?

    0
  • N

    Redirect for what on the wan? Sorry, I don't follow.

    0
  • P

    I have auto re-direct from port 80 to 443 for my web interface. I am thinking that is what is opening port 80 on the WAN side. I am not sure though. will need to confirm later.

    0
  • johnpoz
    LAYER 8 Global Moderator

    Those do not show open on my pfsense box

    Starting Nmap 6.25 ( http://nmap.org ) at 2013-03-12 18:57 Central Europe Standard Time
    Nmap scan report for c-24-13-xx-xx.hsd1.il.comcast.net (24.13.xx.xx)
    Host is up.
    PORT STATE SERVICE
    53/tcp filtered domain
    Nmap done: 1 IP address (1 host up) scanned in 1.15 seconds

    And same goes for 80
    PORT STATE SERVICE
    80/tcp filtered http

    You sure when you say "cable modem" you don't mean gateway?  If your "modem" is being seen when doing a scan of your public IP, then its doing NAT and not a actual modem or gateway in bridge mode at all.

    So if you look on your pfsense box for its WAN IP, you show it as this IP? 9*...***

    Or does it start with 10.x.x.x, 192.168.x.x or 172.16-31.x.x ??

    0
  • N

    I see pfsense as my external 9**.  I disabled snort and did a full scan and didn't see it.  I am now going to turn snort back on and just scan for 53 and 80.  Not sure.  my cable modem has voip attached to it outside of my pfsense box.  not sure…

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy