Questions regarding port 80 & 53 being open when not displayed in wan rules?
-
My current firewall for the wan only has ports open for openvpn. I did a slow nmap scan and it showed ports 53 and 80 are open to my public IP. I then could connect to 80 via ncat. Are those open by default on pfsense and just not displayed in the firewall rules or do you think my ISP cable modem has them open?
[root@linux nmap-6.00]# ./nmap -T 1 -PN -n -sS -p 1-1024 9*...***
Starting Nmap 6.00 ( http://nmap.org ) at 2013-03-11 16:36 EDT
Nmap scan report for 9*...***
Host is up (0.0057s latency).
Not shown: 618 filtered ports, 404 closed ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 27092.88 seconds
[root@linux nmap-6.00]#
-
That is interesting. Mine shows port 53 as filtered, but http open. When I try to browse, it doesn't load anything. I am guessing that this is a function of the redirect?
-
Redirect for what on the wan? Sorry, I don't follow.
-
I have auto-redirect from port 80 to 443 for my web interface. I am thinking that is what is opening port 80 on the WAN side. I am not sure though. Will need to confirm later.
-
Those do not show open on my pfsense box
Starting Nmap 6.25 ( http://nmap.org ) at 2013-03-12 18:57 Central Europe Standard Time
Nmap scan report for c-24-13-xx-xx.hsd1.il.comcast.net (24.13.xx.xx)
Host is up.
PORT STATE SERVICE
53/tcp filtered domain
Nmap done: 1 IP address (1 host up) scanned in 1.15 seconds
And same goes for 80
PORT STATE SERVICE
80/tcp filtered http
You sure when you say "cable modem" you don't mean gateway? If your "modem" is being seen when doing a scan of your public IP, then it's doing NAT and not an actual modem or gateway in bridge mode at all.
So if you look on your pfsense box for its WAN IP, you show it as this IP? 9*...***
Or does it start with 10.x.x.x, 192.168.x.x or 172.16-31.x.x ??
-
I see pfsense as my external 9**. I disabled snort and did a full scan and didn't see it. I am now going to turn snort back on and just scan for 53 and 80. Not sure. My cable modem has VoIP attached to it outside of my pfsense box. Not sure…
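-
The check suggested in the reply above (does pfSense's WAN address match the scanned public IP, or is it in 10.x.x.x, 192.168.x.x or 172.16-31.x.x?) written out as an added example; it is not code from any poster in this thread. The function names, the sample scan text and the 203.0.113.10 documentation address are constructed for illustration.

```python
import ipaddress
import re

# The three private ranges named in the reply (RFC 1918). Listed explicitly
# because ipaddress.is_private also flags documentation and other special ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One row of nmap's "PORT STATE SERVICE" table, e.g. "53/tcp open domain".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)


def open_ports(nmap_text):
    """Return sorted [(port, proto, service)] for rows whose state is 'open'."""
    return sorted((int(port), proto, svc)
                  for port, proto, state, svc in PORT_LINE.findall(nmap_text)
                  if state == "open")


def answering_device(wan_ip, scanned_ip):
    """Decide which box a scan of scanned_ip most likely reached."""
    wan = ipaddress.ip_address(wan_ip)
    if any(wan in net for net in RFC1918):
        return "upstream"   # modem/gateway is doing NAT in front of pfSense
    if wan == ipaddress.ip_address(scanned_ip):
        return "pfsense"    # pfSense holds the public address itself
    return "unknown"        # public WAN address, but not the one scanned


def attribute(nmap_text, wan_ip, scanned_ip):
    """Pair the open ports in a scan with the device that likely answered."""
    return {"device": answering_device(wan_ip, scanned_ip),
            "open": open_ports(nmap_text)}


# Constructed sample: same shape as the scan output in the thread.
SAMPLE_SCAN = """\
Nmap scan report for 203.0.113.10
Host is up (0.0057s latency).
PORT   STATE    SERVICE
53/tcp open     domain
80/tcp open     http
443/tcp filtered https
"""

if __name__ == "__main__":
    for wan in ("203.0.113.10", "192.168.100.2", "172.20.1.5"):
        print(wan, attribute(SAMPLE_SCAN, wan, "203.0.113.10"))
```

A result of "upstream" means the open ports belong to the ISP device and the pfSense WAN rules are not what the scan measured; "pfsense" means the listeners are on the firewall itself.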