1. Home
  2. pfSense® Software
  3. Virtualization
  4. Portscanning pfSense running in VirtualBox

Portscanning pfSense running in VirtualBox

  • S

    Hi pfSense community,

    I have setup a pfSense VirtualBox like so:

    To explain what's going on here:
    The router assigns the IP addresses 192.168.178.20 and 192.168.178.21 via DHCP to the Laptop and the VirtualBox pfSense.
    I can reach the router (with 192.168.178.1) and the pfSense (with 192.168.56.11) from 192.168.178.20.
    192.168.56.11 is the IP of the host-only adapter.

    The problem:
    My goal is to do simple nmap scans and ping tests from 192.168.178.1 to 192.168.178.21.

    Doing nmap scans gave me the message, that all 1715 scanned ports on 192.168.178.21 were filtered.
    Pinging the pfSense resulted in a 100% packet loss.

    I guessed it had something to do with strict rules, so I tried removing firewall rules, NAT rules etc.
    Still, it didn't work.

    0
  • johnpoz
    LAYER 8 Global Moderator

    "My goal is to do simple nmap scans and ping tests from 192.168.178.1 to 192.168.178.21."

    And what do you think would be open..  The default rules drop all unsolicited traffic to the wan.. So no shit ping is going to fail and every single port you scan is going to be juts dropped.

    0
  • S

    Hey John,
    sorry for the late answer.
    First of all, I wish you kind of a late Merry Christmas and a Happy New Year.

    And now back to topic.
    You are right. After I disabled pretty much everything in relation to NAT and firewall rules, I additionally configured some port forwardings and was then able to ping the virtualized pfSense and do port scans.
    This obviously defeats the purpose of those tests, because in a default configuration nobody would disable the firewall.

    So I guess there is no way then to do these little tests, when it drops all input. Is this correct?
    How would professional pentesters do this from a WAN side, then?

    Do they try to run through known open ports and run exploits on them?

    0
  • johnpoz
    LAYER 8 Global Moderator

    A pen test is to find out what is open, or vulnerable.

    If you have no forwards there is not much open for them to test..  So a at a loss to the point of your question in the first place.

    0
  • S

    @johnpoz:

    If you have no forwards there is not much open for them to test.

    Thanks for your answers. So by default no ports are open on the pfSense, right?

    0
  • johnpoz
    LAYER 8 Global Moderator

    By default no there is NOTHING open to the wan interface..  What kind of firewall would it be if it allowed open ports to its public side by default? ;)

    0
  • S

    Okay, thanks again! Thread solved.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy