Netgate Discussion Forum
Nmap reports access to admin access port

chrisjx, Sep 1, 2013, 6:35 AM (last edited Sep 1, 2013, 6:14 PM)

I'm trying to clear extra open ports from my pfSense setup.

I have cable on my WAN, and DSL on WAN2. I have a few IP addresses associated with WAN2.

I set up a unique port to access the web admin pages, port 83.

The problem, I think, is that when I scan any of the WAN2-associated IP addresses/domain names with nmap it always reports that port as open. Nmap reports:
Discovered open port 83/tcp on xx.xx.xx.xx

Accessing the webGUI from any of the WAN2 domain names results in this error:

Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
Try accessing the router by IP address instead of by hostname.

I thought it was only available internally on the LAN interface. I can't seem to find where that port is defined as open on the WAN2 interface.

Thanks for any advice,
Chris.

--
2.0.3-RELEASE (i386)
built on Fri Apr 12 10:22:21 EDT 2013
FreeBSD 8.1-RELEASE-p13

You are on the latest version.

BTW, I have the same problem with nmap detecting port 53. Nmap reports:
Discovered open port 53/tcp on xx.xx.xx.xx

chrisjx, Sep 1, 2013, 6:19 PM

Perhaps my post is too long-winded...

How do I shut down ports 83 (my webGUI admin port) and 53 (dnsmasq) from WAN2 nmap reports?

Thanks,
Chris.

phil.davis, Sep 2, 2013, 5:43 PM

By default, everything will be blocked on WAN2. What firewall rules do you have on WAN2?

As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

chrisjx, Sep 2, 2013, 6:43 PM

I have 17 firewall rules on WAN2; none of them reference ports 83 (my web admin port) or 53 (dnsmasq?). I used the System: Advanced: Admin Access page to enter the custom port number for the webConfigurator.

I just don't see the reference to ports 83 or 53 on WAN2, so I am suspecting some checkbox that sets these behind the scenes.

I do see the Anti-Lockout Rule on the LAN interface for port 83. There is also a Default allow LAN to any rule. Those are the only ones on the LAN.

Thanks for any tips,
Chris.

PS: Is there a listing or file I can open to see my real config?

doktornotor (Banned), Sep 2, 2013, 6:47 PM

Perhaps you should just stop "testing" WAN rules from within LAN, as the "Potential DNS Rebind attack detected" suggests you have done?

chrisjx, Sep 2, 2013, 7:22 PM

Hmm. doktornotor, are you suggesting that I'm getting these extra open port reports from nmap because my laptop, from which I am running nmap, is on the LAN interface?

I'll try again from my work office tomorrow.

Thanks,
Chris.

chrisjx, Sep 2, 2013, 7:33 PM

Here's the nmap report (from a laptop connected to the LAN interface), most personal info altered...

$ nmap -v -T4 -A -v mydomain.net

Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-02 12:13 PDT
NSE: Loaded 93 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Initiating Ping Scan at 12:13
Scanning mydomain.net (999.999.999.999) [2 ports]
Completed Ping Scan at 12:13, 1.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:13
Completed Parallel DNS resolution of 1 host. at 12:13, 0.02s elapsed
Initiating Connect Scan at 12:13
Scanning mydomain.net (999.999.999.999) [1000 ports]
Discovered open port 3389/tcp on 999.999.999.999
Discovered open port 80/tcp on 999.999.999.999
Discovered open port 53/tcp on 999.999.999.999
Discovered open port 22/tcp on 999.999.999.999
Discovered open port 83/tcp on 999.999.999.999
Completed Connect Scan at 12:13, 4.72s elapsed (1000 total ports)
Initiating Service scan at 12:13
Scanning 5 services on mydomain.net (999.999.999.999)
Completed Service scan at 12:13, 24.89s elapsed (5 services on 1 host)
NSE: Script scanning 999.999.999.999.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 12:13
Completed NSE at 12:13, 2.21s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Nmap scan report for mydomain.net (999.999.999.999)
Host is up (0.00053s latency).
rDNS record for 999.999.999.999: dslxxx1.sfo4.dsl.speakeasy.net
Scanned at 2013-09-02 12:13:07 PDT for 33s
Not shown: 995 filtered ports
PORT     STATE SERVICE       VERSION
22/tcp   open  ssh?
53/tcp   open  domain        dnsmasq 2.65
| dns-nsid:
|_  bind.version: dnsmasq-2.65
80/tcp   open  http          Apache httpd 2.2.22 ((Ubuntu))
|_http-methods: GET HEAD POST OPTIONS
|_http-title: Site doesn't have a title (text/html).
| http-robots.txt: 1 disallowed entry
|_/
|_http-favicon: Unknown favicon MD5: xxx
3389/tcp open  ms-wbt-server xrdp
83/tcp   open  ssl/http      lighttpd 1.4.32
| ssl-cert: Subject: commonName=www.mydomain.net/organizationName=My Domain/stateOrProvinceName=Texas/countryName=US/emailAddress=chris@mydomain.net/localityName=Dallas
| Issuer: commonName=internal-ca/organizationName=My Domain/stateOrProvinceName=Texas/countryName=US/emailAddress=chris@mydomain.net/localityName=Dallas
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2013-09-01 06:47:02
| Not valid after:  2023-08-30 06:47:02
| MD5:  xxx
| SHA-1: xxx
| -----BEGIN CERTIFICATE-----
| xxx
|_-----END CERTIFICATE-----
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-favicon: Unknown favicon MD5: xxx
|_http-title: 501

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 33.49 seconds

ptt (Rebel Alliance), Sep 2, 2013, 11:07 PM

You should test your WAN firewall rules "from outside"; when you are connected to the LAN of the pfSense, you can use something like the "Nmap Online Scanner" to test your rules ;)

http://nmap.online-domain-tools.com/

doktornotor (Banned), Sep 3, 2013, 12:31 AM

What ptt said above. You cannot meaningfully test WAN from LAN. (Best case, it will get NAT-reflected back to LAN.)

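The scan posted earlier in the thread carries its own evidence for what ptt and doktornotor say: a 0.00053s round-trip to a supposedly public address is far too fast for a packet that went out over DSL and came back, so the result tells you nothing about the WAN2 rule set. The following Python script is an added illustration, not code from this thread or from pfSense. It reads Nmap's normal output (a constructed sample modelled on the posted report, with placeholder address, hostnames and hashes), lists open ports that are not on an assumed "intended to be reachable from WAN" list, and flags sub-millisecond latency as a hint that the scan never crossed the WAN. The allow-list and the 1 ms threshold are assumptions for the example, not Nmap or pfSense rules.

```python
"""Sanity-check an Nmap scan of a firewall's WAN address.

Two checks a practitioner wants after such a scan:
  1. Which open services are not on the intended-exposure list.
  2. Whether the scan actually traversed the WAN path. A sub-millisecond RTT to
     a "public" address strongly suggests the scanner sits on the LAN side and
     the traffic was answered locally (or NAT-reflected), so WAN rules were
     never exercised.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the normal-format output posted in the thread.
# Address, hostnames and hashes are placeholders, not real values.
SAMPLE_SCAN = """\
Nmap scan report for mydomain.net (999.999.999.999)
Host is up (0.00053s latency).
Not shown: 995 filtered ports
PORT     STATE SERVICE       VERSION
22/tcp   open  ssh?
53/tcp   open  domain        dnsmasq 2.65
| dns-nsid:
|_  bind.version: dnsmasq-2.65
80/tcp   open  http          Apache httpd 2.2.22 ((Ubuntu))
|_http-methods: GET HEAD POST OPTIONS
3389/tcp open  ms-wbt-server xrdp
83/tcp   open  ssl/http      lighttpd 1.4.32
| ssl-cert: Subject: commonName=www.mydomain.net
|_http-title: 501
Nmap done: 1 IP address (1 host up) scanned in 33.49 seconds
"""


@dataclass(frozen=True)
class PortEntry:
    port: int
    proto: str
    state: str
    service: str
    version: str


# One port-table row: "<port>/<proto> <state> <service> [<version...>]".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
LATENCY_LINE = re.compile(r"Host is up \(([\d.]+)s latency\)")


def parse_scan(text):
    """Return (latency_seconds or None, [PortEntry, ...]) from Nmap normal output.

    NSE script lines (starting with '|') and headers are skipped; only the
    port table rows and the host latency line are kept.
    """
    latency = None
    entries = []
    for line in text.splitlines():
        m = LATENCY_LINE.search(line)
        if m:
            latency = float(m.group(1))
            continue
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            entries.append(
                PortEntry(int(port), proto, state, service, (version or "").strip())
            )
    return latency, entries


# Assumed policy for this example: only these TCP ports are meant to be reachable
# from the WAN side. 83 (webGUI) and 53 (dnsmasq) are deliberately absent, which
# matches what the poster wanted closed.
INTENDED_WAN_PORTS = {22, 80, 3389}

# Heuristic threshold (an assumption): anything under 1 ms to a public address
# almost certainly did not leave the local network.
LOCAL_PATH_LATENCY_S = 0.001


def unexpected_open_ports(entries, intended=INTENDED_WAN_PORTS):
    """Open TCP ports that are not on the intended-exposure list."""
    return sorted(
        e.port
        for e in entries
        if e.state == "open" and e.proto == "tcp" and e.port not in intended
    )


def scan_path_looks_local(latency):
    """True when the RTT is too short for the packets to have crossed the WAN."""
    return latency is not None and latency < LOCAL_PATH_LATENCY_S


def assess(text, intended=INTENDED_WAN_PORTS):
    """Combine both checks into one report dict."""
    latency, entries = parse_scan(text)
    return {
        "latency_s": latency,
        "open_ports": sorted(e.port for e in entries if e.state == "open"),
        "unexpected": unexpected_open_ports(entries, intended),
        "scan_path_local": scan_path_looks_local(latency),
    }


if __name__ == "__main__":
    report = assess(SAMPLE_SCAN)
    print("open ports:        ", report["open_ports"])
    print("not on allow-list: ", report["unexpected"])
    if report["scan_path_local"]:
        print("latency %.5fs: scan answered locally; WAN rules NOT exercised,"
              " rescan from an outside host" % report["latency_s"])
```

On the sample, the script lists 53 and 83 as not on the allow-list and, because of the 0.53 ms latency, reports that the scan was answered locally; the right next step is the one the thread recommends, repeating the scan from a host outside the LAN before drawing any conclusion about the WAN2 rules.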
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.