Portscanning pfSense running in VirtualBox

  • Hi pfSense community,

    I have set up a pfSense VirtualBox like so:

    To explain what's going on here:
    The router assigns the IP addresses and via DHCP to the Laptop and the VirtualBox pfSense.
    I can reach the router (with and the pfSense (with from is the IP of the host-only adapter.

    The problem:
    My goal is to do simple nmap scans and ping tests from to

    Doing nmap scans gave me the message that all 1715 scanned ports on were filtered.
    Pinging the pfSense resulted in a 100% packet loss.

    I guessed it had something to do with strict rules, so I tried removing firewall rules, NAT rules etc.
    Still, it didn't work.

  • LAYER 8 Global Moderator

    "My goal is to do simple nmap scans and ping tests from to"

    And what do you think would be open..  The default rules drop all unsolicited traffic to the wan.. So no shit ping is going to fail and every single port you scan is going to be just dropped.

  • Hey John,
    sorry for the late answer.
    First of all, I wish you kind of a late Merry Christmas and a Happy New Year.

    And now back to topic.
    You are right. After I disabled pretty much everything in relation to NAT and firewall rules, I additionally configured some port forwardings and was then able to ping the virtualized pfSense and do port scans.
    This obviously defeats the purpose of those tests, because in a default configuration nobody would disable the firewall.

    So I guess there is no way then to do these little tests, when it drops all input. Is this correct?
    How would professional pentesters do this from a WAN side, then?

    Do they try to run through known open ports and run exploits on them?

  • LAYER 8 Global Moderator

    A pen test is to find out what is open, or vulnerable.

    If you have no forwards there is not much open for them to test..  So I'm at a loss as to the point of your question in the first place.

  • @johnpoz:

    If you have no forwards there is not much open for them to test.

    Thanks for your answers. So by default no ports are open on the pfSense, right?

  • LAYER 8 Global Moderator

    By default, no, there is NOTHING open to the wan interface..  What kind of firewall would it be if it allowed open ports to its public side by default? ;)

  • Okay, thanks again! Thread solved.

