    Leaktest seems to fail?

    • K
      kdes last edited by

      Good Day

      We have pfSense between the WAN, LAN and OPT1.
      LAN for internet access via wifi and captive portal. OPT1 to access a security camera system from outside. All running on a separate data link, not our main corporate data link.

      I am a complete newbie to firewalls so please bear with me.

      When going to ShieldsUp and PCFlank, both leaktests fail. What does this mean? If I understand correctly, this is bad and means that I'm not fully or correctly protected. Do I perhaps have my firewall rules wrong, or do I need to do something else?
      When doing port scans all seems fine, just the ones I want open for accessing the camera system on the OPT1 network.

      WAN - internet ADSL line
      LAN - to allow users internet access on WIFI
      OPT - Camera system to connect from outside the network.

      WAN
      I have opened the ports to allow us to access a camera system from outside the company using software. NATs in place.

      LAN
      To block anyone on the LAN from accessing the security cameras on OPT1 and the router web portal on WAN. To only allow internet access.

      OPT1
      To completely block going out from the OPT1 network.

      Thank you in advance.

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        So why did it say you failed?  Because you had ports open? You were not completely "stealth"? :rofl: That is the price of doing business..  You do understand that Steve is kind of a chicken little, sky is falling sort of guy.. The industry really doesn't pay much attention to his look at me look at me antics ;)

        And what was this other site you checked with?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

        • P
          P3R last edited by

          As I do very much notice the word "security" in a sentence that reads "…access a security camera system from outside…", I would only implement such access over a reasonably secure VPN solution. Personally I happen to use IPsec but OpenVPN is also available in pfSense if I'm not mistaken.

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            I personally wouldn't allow any outside access to any camera - unless you're running some sort of p0rn related thing ;) heheeh

            But what he does or doesn't allow access to is really beside the point..  I don't think that shields up site will say you pass unless you don't have any ports, don't answer ping or any icmp, etc. etc..  If you even send a RST on something prob says you fail ;)

            "Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. "

            OMG – my public IP answered a PING...  So I failed his "security" scare tactics test... ;)
