OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: mircsicz on June 03, 2018, 04:12:53 am

Title: [SOLVED] Port Forward on 443 not working but 1443 to the same machine is fine
Post by: mircsicz on June 03, 2018, 04:12:53 am
Hi all,

I've got a weird situation on a freshly installed APU.

I forwarded HTTPS from an Exchange to enable ActiveSync, but the nmap scan only shows the port as filtered. But my SSH HiPort and SMTP are working as expected. Exchange sends and receives mail as expected and I'm currently using the SSH access to check the router's WebIF...

Packet Capture on the target's OPNsense doesn't get a single packet, and on my OPNsense all I get is SYN packets...

Now here comes the funny part: If I forward Exchange's 443 to 1443 I get to see the login page!

I hope one of you has a hint as I'm kind of lost here...

BTW: Aunty Google showed me this from the other pf based distro: https://forum.netgate.com/topic/121743/port-forwarding-http-and-https-dont-work-on-pfsense-2-4-0-sg2220/12 But this is a UnityMedia Business Line and they told me they don't block any port... And as I'm on a UnityMedia Business connection too, I could prove that by forwarding one of my internal HTTPS enabled hosts and accessing it through LTE and another external device!

Code:
mircsicz@macbook-pro-wlan ~ $ nmap -sT -P0 -p443 3x.24.13.166
Starting Nmap 7.70 ( https://nmap.org ) at 2018-06-03 04:48 CEST
Nmap scan report for b2b-3x-24-13-166.unitymedia.biz (3x.24.13.166)
Host is up.

PORT    STATE    SERVICE
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 2.05 seconds
mircsicz@macbook-pro-wlan ~ $ nmap -sT -P0 -p1443 3x.24.13.166
Starting Nmap 7.70 ( https://nmap.org ) at 2018-06-03 04:49 CEST
Nmap scan report for b2b-3x-24-13-166.unitymedia.biz (3x.24.13.166)
Host is up (0.028s latency).

PORT     STATE SERVICE
1443/tcp open  ies-lm

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
Title: Re: Port Forward on 443 not working but 1443 to the same machine is fine
Post by: fabian on June 03, 2018, 10:21:41 am
Do you run the web interface on 443? Just because you cannot use the port for forwarding then (you have to move the web interface to a different port like 8443).
Title: Re: Port Forward on 443 not working but 1443 to the same machine is fine
Post by: mircsicz on June 03, 2018, 10:04:28 pm
Hi Fabian,

No, I always change that to 80; if I have to do something on the WebGUI from remote I use an SSH forward...

But through deeper investigation we learned that we can reach the modem's (Hitron) WebGUI on port 443. Because of that finding I called the UnityMedia hotline once more and asked them for the password of the modem, as admin / admin didn't work, but they asked me to reset the modem. Later during that conversation, and after further inquiry with his coworkers, the callcenter agent admitted that they are getting more reports from clients that use the modem and report issues with port 443 traffic. He said that UnityMedia IT is investigating the incident...

I'll report back after I've received feedback from UnityMedia.

EDIT:
The callcenter agent I talked to this morning admitted right away that it's a known issue with the modem that it sometimes doesn't delete all the firewall rules when provisioned to bridge mode. All I needed to do was the hard reset!

With the next provisioning it worked as expected...