wilko1971
Message 1 of 11

Blocked Ports

Sorry if I'm dragging up old topics, but I am having issues forwarding ports 80 and 443. At first I thought it was just me being a little dumb, as I've been here before and it was my old router that was blocking the port. This time it seems to be something different. I had issues with my router a few weeks ago and I reinstalled pfSense, and I've been trying to set up port forwarding since then, originally thinking it was my mistake. As a test I ran a full port scan using ShieldsUP and checked my router logs, and this is what I am seeing:

Feb 12 11:09:53  WAN  Default deny rule IPv4 (1000000103)  4.79.142.206:33699  *.*.*.*:79  TCP:S
Feb 12 11:09:53  WAN  Default deny rule IPv4 (1000000103)  4.79.142.206:33699  *.*.*.*:81  TCP:S

 

It looks like port 80 isn't reaching my router, and it's interesting that both port 80 and 443 are showing as closed, not stealth, the same as Virgin's blocked ports. Have Virgin recently blocked these ports, and if so can I get them opened?

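The log reading in the post above can be done mechanically. This is an added example, not part of the original thread: it parses firewall log lines in the layout quoted there and lists the scanned ports that have no default-deny entry. The sample lines, addresses and function names are constructed for illustration, and the columns are assumed to be whitespace-separated.

```python
import re

# Column layout modelled on the log lines quoted in the post (assumed to be
# whitespace-separated): time, interface, rule (id), src:port, dst:port, proto:flags
LINE = re.compile(
    r"^(?P<time>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<rule>.+?\(\d+\))\s+(?P<src>\S+):(?P<sport>\d+)\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<proto>\w+):(?P<flags>\w+)$"
)

def denied_ports(lines, iface="WAN", rule_prefix="Default deny"):
    """Destination ports that hit the default deny rule on one interface."""
    ports = set()
    for line in lines:
        m = LINE.match(line.strip())
        if m and m["iface"] == iface and m["rule"].startswith(rule_prefix):
            ports.add(int(m["dport"]))
    return ports

def unlogged_ports(lines, scanned):
    """Scanned ports with no default-deny entry on WAN.

    A gap has two possible causes: the packet never reached the firewall,
    or it matched a pass rule (for example the filter rule associated with
    a port forward), which the default deny rule does not log. Checking the
    pass rules or running a packet capture on WAN tells the two apart.
    """
    seen = denied_ports(lines)
    return sorted(p for p in scanned if p not in seen)

# Constructed sample: a sequential scan from 198.51.100.7 (documentation range)
# against 203.0.113.10, plus one LAN entry and one unparseable line.
ROW = "Feb 12 11:09:53  WAN  Default deny rule IPv4 (1000000103)  198.51.100.7:33699  203.0.113.10:{}  TCP:S"
SAMPLE = [ROW.format(p) for p in (78, 79, 81, 82, 442, 444)] + [
    "Feb 12 11:09:54  LAN  Default deny rule IPv4 (1000000103)  192.168.1.50:40000  203.0.113.10:80  TCP:S",
    "Feb 12 11:09:55  filterlog restarted",
]
SCANNED = [78, 79, 80, 81, 82, 442, 443, 444]

if __name__ == "__main__":
    print("no default-deny entry for:", unlogged_ports(SAMPLE, SCANNED))
```
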
tehwolf
Message 2 of 11

Re: Blocked Ports

what are you trying to do? do you want to be able to manage your pfsense box over the internet on 80/443 or do you want to forward those ports into a different device on your network?

wilko1971
Message 3 of 11

Re: Blocked Ports

I want to be able to access two different services, Huginn and NextCloud; the plan is to use HAProxy to redirect to different servers based on URL.

tehwolf
Message 4 of 11
Helpful Answer

Re: Blocked Ports

you'll need to do a few things then..

1. make sure that the pfsense install isn't listening on those ports on the wan interface

2. create an allow rule on the WAN interface to allow traffic on ports 443 and 80

3. create a port forward rule in the NAT configuration to forward traffic that hits those two ports to whatever the private IP address of the servers listening on those ports is.

edit: actually don't bother with 2 - just make sure that when you create the port forward you have the Filter Rule Association set to "Add associated filter rule" which will automatically add the rule to the FW..  

wilko1971
Message 5 of 11

Re: Blocked Ports

yep - changed the port of the webConfigurator, tried both NAT + Proxy and Pure NAT in NAT Reflection, disabled the web configurator redirect rule, and set up two rules to forward port 80 and 443 to the right server.

Even without these set I would expect to see the port checker trying to access port 80, and it's not.

tehwolf
Message 6 of 11
Helpful Answer

Re: Blocked Ports


@wilko1971 wrote:

yep - changed the port of the webConfigurator, tried both NAT + Proxy and Pure NAT in NAT Reflection, disabled the web configurator redirect rule, and set up two rules to forward port 80 and 443 to the right server.

Even without these set I would expect to see the port checker trying to access port 80, and it's not.


are your internal servers up and running and listening on the relevant ports? 

as for the checker - i have no idea why it's not checking those ports.. that's something to do with the checker, not the pfsense install.. 

wilko1971
Message 7 of 11

Re: Blocked Ports

This is what I am seeing in ShieldsUP. As you can see, both port 80 and 443 are responding the same way as Virgin's blocked ports.

Capture.PNG

wilko1971
Message 8 of 11

Re: Blocked Ports

The server is on and if I run sudo lsof -i -P -n | grep LISTEN

I can see 

docker-pr 174489 root 4u IPv4 14234721 0t0 TCP *:443 (LISTEN)
docker-pr 174502 root 4u IPv4 14234768 0t0 TCP *:80 (LISTEN)

So it looks like the ports are open and listening - although running telnet 192.168.1.35 80 comes up with connection refused, while if I telnet 3000 it works.

I'm going to down my docker containers and put Huginn on port 80 and see what that does.

 

wilko1971
Message 9 of 11

Re: Blocked Ports

I downed my docker containers, stopped NextCloud from running on port 80 and 443, and changed Huginn from 3000 to 80, and now the port checker is showing the port as open. I still can't reach the page, but that is a different problem. I think I'll recreate the NextCloud container knowing that's where the problem lies.

Thanks for your help.  I appreciate it. 

tehwolf
Message 10 of 11
Helpful Answer

Re: Blocked Ports

sounds like you might not be passing through the ports on the container to the host system...?

edit; also, does the host system have a firewall configured? might need to allow traffic on the ports there too..  
