Port 443 open
-
My pfsense box is redirecting https to a random '404 not found' page. The port is open when I do a portscan. This is causing issues as I am trying to allow pfsense web gui access via port 443, which isn't working, and I am assuming this is because something else is using the port.
There are no firewall or nat lists for port 443 at all.
-
See below for what happens when I view the https address.
-
The 404 error is obviously being generated by something. What is your network setup? Do you have a router between your pfSense machine and your ISP? Is the IP address you're trying to access external (I'm assuming so) or internal? A bit of info would go a long way - ideally a diagram of your internal network, your external connection and where your pfSense machine sits within them.
-
Sorry for lack of details, and thanks for your response.
Network is:
Internet > ADSL Modem > PFSense using PPPoE for internet > Switch/Wireless AP
The issue occurs when accessing the external IP address from a remote machine. If I access the external IP address from a local machine, it works fine.
I don't understand what would be opening the SSL port if pfsense is set to block it... I guess the only thing it can be is the ADSL Modem, is that correct?
-
Unless you bridged the modem, you need to do all the port forwarding on the modem (as well as on pfSense when the box is not pfSense itself); "allow pfsense web gui access via port 443" on WAN is an extremely bad idea, use VPN.
-
The modem is being bridged (I have not got double NAT). As the link is ADSL (RJ11 cable) the modem is used to provide an RJ45 connection to the pfsense box.
I am aware web gui access is not secure, but is OK for my small test network.
I'm basically just trying to work out what the heck would be causing port 443 to be open from the outside when there is no rule in pfsense to allow it.
-
Because you are still hitting the modem, or something in front of pfSense? Do you even have public IP (as opposed to being stuck behind CGN)? There's packet capture available in the GUI, stop guessing.
-
Yes, I have a public static IP address. Used the packet capture to capture 100 packets for port 443 only. Got 100 random address attempts to access it. lol maybe I will just leave it down. I'll go into the modem and assume that is what is keeping the port open... Cheers.
-
Confirmed modem is not allowing port 443, and added a block of port 443 to the firewall. Port is still open lol. Could my ISP be doing something?
-
Post a screenshot of WAN rules on pfSense.
-
Here are the WAN rules... This is very strange. I am thinking of re-installing pfsense to see if that makes a difference?
-
That won't make any difference, plus definitely not convinced that 404 comes from pfSense. "The requested resource is not found" is either IIS or Tomcat error message. Not lighttpd. When you go to a non-existent page on pfSense GUI, you get plain "404 - Not Found".
-
I'll bypass pfsense with a standard home-based router tonight and see whether the port is still open. I agree with you - I doubt that message is coming from pfsense. I must admit I am a little concerned maybe the server has been compromised.
-
It's definitely pfsense keeping port 443 open. I have put the modem in non-bridging mode and the port is closed. Could some glitch in pfsense be causing this? I'm at a loss as to what to do DX
-
Already suggested to do a packet capture. Then there are firewall logs. As for hunting ghosts, no, no suggestions. Produce some information to work with. https://ip_ommited and a 404 that clearly does not come from pfSense is not useful. Did you enable some UPnP junk?
:(
-
A thought: Just to double-check, where are you hitting 'ip omitted' from? Are you pointing to the ip address from a machine inside your network or from outside?
-
Already suggested to do a packet capture. Then there are firewall logs. As for hunting ghosts, no, no suggestions. Produce some information to work with. https://ip_ommited and a 404 that clearly does not come from pfSense is not useful. Did you enable some UPnP junk?
:(
Yep you were correct!!!
I very much appreciate your persistence in replying, despite my ignorance/vague replies. You have saved me a lot of grief!!!
-
A thought: Just to double-check, where are you hitting 'ip omitted' from? Are you pointing to the ip address from a machine inside your network or from outside?
I manually wrote 'ip omitted' as I didn't want the public internet knowing what my IP address is. It was a public address for what it's worth. Cheers.
-
I understand if no one replies to this - (unrelated) but could someone please explain why Windows Media Player requires https port forwarded? cheers.
-
You need to ask MS. Please, disable or at least severely restrict the UPnP access, there are some examples in the GUI. Very dangerous without any restrictions.
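The thread ends with UPnP having silently opened WAN port 443, which is exactly the kind of mapping an admin wants to spot before a port scan does. The script below is an added example written for this thread, not code from the pfSense project. It parses pf "rdr" rules in pf.conf syntax, such as those the UPnP daemon installs into its own anchor on pfSense (assumed here to be listed with "pfctl -a miniupnpd -sn"), and flags any mapping whose WAN port is one an admin service normally lives on. The sample rule text is constructed for the example, and the interface, addresses and port 10243 in it are made up.

```python
"""Flag UPnP/NAT-PMP port forwards that expose sensitive WAN ports.

Added example for the pfSense "port 443 open" thread (not pfSense code).
Assumption: on pfSense the UPnP daemon keeps its dynamic rdr rules in the
pf anchor "miniupnpd", viewable with:  pfctl -a miniupnpd -sn
Each rule is one line of pf.conf syntax, e.g.
  rdr pass quick on pppoe0 inet proto tcp from any to any port = https -> 192.168.1.50 port 443
"""
import re
import sys

# Service names pf may print instead of numbers (subset of /etc/services).
SERVICE_PORTS = {"http": 80, "https": 443, "ssh": 22, "ms-wbt-server": 3389}

# WAN ports an unrestricted UPnP client should never be allowed to claim.
SENSITIVE_PORTS = {22: "ssh", 80: "http", 443: "https", 3389: "rdp"}

# Captures interface, protocol, WAN port, internal host and internal port.
RDR_RE = re.compile(
    r"^rdr\b.*?\bon\s+(?P<iface>\S+)\b.*?\bproto\s+(?P<proto>\w+)\b.*?"
    r"\bport\s*=\s*(?P<wan_port>\S+)\s*->\s*(?P<lan_ip>[\d.]+)\s+port\s+(?P<lan_port>\S+)"
)

# Constructed sample output; interface, hosts and ports are made up.
SAMPLE_RULES = """\
rdr pass quick on pppoe0 inet proto tcp from any to any port = https -> 192.168.1.50 port 443
rdr pass quick on pppoe0 inet proto udp from any to any port = 6881 -> 192.168.1.20 port 6881
rdr pass quick on pppoe0 inet proto tcp from any to any port = 10243 -> 192.168.1.50 port 10243
"""


def port_number(token):
    """Turn a pf port token (number or service name) into an int, or None."""
    token = token.strip()
    if token.isdigit():
        return int(token)
    return SERVICE_PORTS.get(token)


def parse_rdr_rules(text):
    """Parse rdr rules into dicts; lines that are not rdr rules are skipped."""
    mappings = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if not m:
            continue
        wan = port_number(m.group("wan_port"))
        lan = port_number(m.group("lan_port"))
        if wan is None or lan is None:
            continue  # unknown service name; cannot judge the port
        mappings.append({
            "iface": m.group("iface"),
            "proto": m.group("proto"),
            "wan_port": wan,
            "lan_ip": m.group("lan_ip"),
            "lan_port": lan,
        })
    return mappings


def flag_sensitive(mappings, sensitive=SENSITIVE_PORTS):
    """Return only the mappings whose WAN port is in the sensitive set."""
    return [m for m in mappings if m["wan_port"] in sensitive]


def report(text):
    """Human-readable summary, one line per flagged mapping."""
    lines = []
    for m in flag_sensitive(parse_rdr_rules(text)):
        lines.append(
            "WARNING: WAN %s/%d (%s) forwarded to %s:%d by UPnP"
            % (m["proto"], m["wan_port"], SENSITIVE_PORTS[m["wan_port"]],
               m["lan_ip"], m["lan_port"])
        )
    return lines


if __name__ == "__main__":
    # Read real rules from stdin when piped, otherwise use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_RULES
    for line in report(text) or ["no sensitive UPnP mappings found"]:
        print(line)
```

On the pfSense shell this would be run as `pfctl -a miniupnpd -sn | python3 upnp_check.py` (file name is an assumption); the same parser works on any pf rdr rule list, so it can also be pointed at `pfctl -sn` output to review static port forwards. The lasting fix is the one the last reply gives: restrict the UPnP service to specific internal hosts and ports, or disable it, so a LAN application cannot claim a WAN port on its own.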