18.1 Legacy Series / [SOLVED] Port Forward on 443 not working but 1443 to the same machine is fine
« on: June 03, 2018, 04:12:53 am »
Hi all,
I've got a weird situation on a freshly installed APU.
I forwarded HTTPS from an Exchange to enable ActiveSync but the nmap scan only shows the port as filtered. But my SSH HiPort and SMTP are working as expected. Exchange sends and receives Mail as expected and I'm currently using the SSH Access to check the Router's WebIF...
Packet Capture on target's OPNsense doesn't get a single package and on my OPNsense all I get is SYN packages...
Now here comes the funny part: If I forward Exchange's 443 to 1443 I get to see the login page!
I hope one of you has a hint as I'm kind of lost here...
BTW: Aunty Google showed me that from the other pf based distri: https://forum.netgate.com/topic/121743/port-forwarding-http-and-https-dont-work-on-pfsense-2-4-0-sg2220/12 But this is a UnityMedia Business Line and they told me not to block any port... And as I'm on a UnityMedia Business connection too, I could approve that by forwarding one of my internal HTTPS enabled hosts and accessing it through LTE and another external device!
Code:
mircsicz@macbook-pro-wlan ~ $ nmap -sT -P0 -p443 3x.24.13.166
Starting Nmap 7.70 ( https://nmap.org ) at 2018-06-03 04:48 CEST
Nmap scan report for b2b-3x-24-13-166.unitymedia.biz (3x.24.13.166)
Host is up.
PORT STATE SERVICE
443/tcp filtered https
Nmap done: 1 IP address (1 host up) scanned in 2.05 seconds
mircsicz@macbook-pro-wlan ~ $ nmap -sT -P0 -p1443 3x.24.13.166
Starting Nmap 7.70 ( https://nmap.org ) at 2018-06-03 04:49 CEST
Nmap scan report for b2b-3x-24-13-166.unitymedia.biz (3x.24.13.166)
Host is up (0.028s latency).
PORT STATE SERVICE
1443/tcp open ies-lm
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds