Leaktest seems to fail?



  • Good Day

    We have pfsense between the WAN, LAN and OPT1.
    LAN for internet access via wifi and captive portal. OPT1 to access a security camera system from outside. All running on a separate data link not our main corporate data link

    I am a complete newbie to firewalls so please bare with me.

    When going to shields up and pcflank both leaktests fail. What does this mean? If i understand correctly that this is bad and means that im not fully or correctly protected. Do i perhaps have my firewall rules wrong or i need to do something else?
    When doing port scans all seems fine just the ones i want open for accessing the Camera system on the OPT1 network.

    WAN - internet ADSL line
    LAN - to allow users internet access on WIFI
    OPT - Camera system to connect from out side the network.

    WAN
    I have open the ports to allow us to access a camera system from outside the company using software. NATs in place.

    LAN
    To block anyone on the LAN to access the security cameras on OPT1 and router web portal on WAN. To only allow internet access.

    OPT1
    To complertly block going out from the OPT1 network.

    Thank you in advance.


  • LAYER 8 Global Moderator

    so why did it say you failed?  Because you had ports open? You were not completely "stealth"? :rofl: That is price of doing business..  You do understand that Steve is kind of chicken little sky is falling sort of guy.. The industry really doesn't pay much attention to his look at me look at me antics ;)

    And what was this other site you checked with?



  • As I do very much notice the word "security" in a sentence that reads "…access a security camera system from outside…", I would only implement such access over a reasonably secure VPN-solution. Personally I happen use IPSec but OpenVPN is also available in pf Sense if I'm not mistaken.


  • LAYER 8 Global Moderator

    I personally wouldn't allow any outside access to any camera - unless your running some sort of p0rn related thing ;) heheeh

    But what he does or doesn't allow access to is really besides the point..  I don't think that shields up site will say you pass unless you don't have any ports, don't answer ping or any icmp, etc. etc..  If you even send a RST on something prob says you fail ;)

    "Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. "

    OMG – my public IP answered a PING...  So I failed his "security" scare tactics test... ;)


Log in to reply