Netgate Discussion Forum
    Leaktest seems to fail?

    • kdes

      Good Day

      We have pfSense between the WAN, LAN and OPT1.
      LAN for internet access via wifi and captive portal. OPT1 to access a security camera system from outside. All running on a separate data link, not our main corporate data link.

      I am a complete newbie to firewalls, so please bear with me.

      When going to Shields Up and PCFlank, both leaktests fail. What does this mean? If I understand correctly, this is bad and means that I'm not fully or correctly protected. Do I perhaps have my firewall rules wrong, or do I need to do something else?
      When doing port scans, all seems fine: just the ones I want open for accessing the camera system on the OPT1 network.

      WAN - internet ADSL line
      LAN - to allow users internet access on WIFI
      OPT - Camera system to connect from outside the network.

      WAN
      I have opened the ports to allow us to access a camera system from outside the company using software. NATs in place.

      LAN
      To block anyone on the LAN from accessing the security cameras on OPT1 and the router web portal on WAN. To only allow internet access.

      OPT1
      To completely block going out from the OPT1 network.

      Thank you in advance.

      • johnpoz LAYER 8 Global Moderator

        So why did it say you failed? Because you had ports open? You were not completely "stealth"? :rofl: That is the price of doing business. You do understand that Steve is kind of a Chicken Little, sky-is-falling sort of guy. The industry really doesn't pay much attention to his look-at-me, look-at-me antics ;)

        And what was this other site you checked with?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.11.1 | Lab VMs 2.8.1, 25.11.1

        • P3R

          As I do very much notice the word "security" in a sentence that reads "…access a security camera system from outside…", I would only implement such access over a reasonably secure VPN solution. Personally I happen to use IPsec, but OpenVPN is also available in pfSense if I'm not mistaken.

          • johnpoz LAYER 8 Global Moderator

            I personally wouldn't allow any outside access to any camera - unless you're running some sort of p0rn related thing ;) heheeh

            But what he does or doesn't allow access to is really beside the point. I don't think that Shields Up site will say you pass unless you don't have any ports open, don't answer ping or any ICMP, etc. etc. If you even send a RST on something, it prob says you fail ;)

            "Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. "

            OMG – my public IP answered a PING...  So I failed his "security" scare tactics test... ;)

            Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.