[solved] Port 8081 seen on WAN by Portscan

Started by ruggerio, March 26, 2018, 04:40:42 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 26, 2018, 04:40:42 PM Last Edit: March 28, 2018, 10:44:33 AM by ruggerio
Hi,

when i issue a portscan to my external IP-Adress, i see, that port 8081 is open.

I already issued a Rule on WAN-Port for incoming traffic, but the port is still shown as open. How can i Close this?

Roger
March 26, 2018, 04:45:09 PM #1
Are you scanning from the internet or locally from your LAN?
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member
March 27, 2018, 06:17:53 AM #2
Scan comes from internet.
March 27, 2018, 06:58:52 AM #3
Do you have a rule which allows traffic on that port or forwards the port to something else? You also need to have a service which listens on that port (accepts connections), what is that service? Also, what kind of port are we talking about, TCP or UDP?

If you have no rules allowing/forwarding traffic on that port, try scanning with something else, there's a chance that the scanner is not accurate.

I had my share of problems with OPNsense over time, but security wasn't one of them, never read about the firewall not doing its job, so I'm almost certain it's not OPNsense related :-)
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member
March 27, 2018, 09:15:59 AM #4
Thx!

No rule, no forwarding, but upnp activated. There is a Server listening on Port 8081, which seems to affect also the WAN-Port.

Will try to exclude this.

Roger
March 27, 2018, 09:31:57 AM #5
There you go, I'm fairly certain that's the reason. With UPnP disabled, the fw should not open any ports.
As a personal rule, I never use UPnP :)

You're very welcome.
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member
March 27, 2018, 09:47:40 AM #6
Yeah, in fact it is upnp.

I Changed now the rule on the Interface, in which the devices hang and block outgoing traffic (instead of blocking it on wan-port).

This seems to do the trick, even with upnp enabled.

Roger
March 27, 2018, 09:51:46 AM #7
Great, good work!
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member
March 28, 2018, 07:08:59 AM #8
*sigh* it went back, but now its definitively solved.

I just configured upnp to "deny all" and allowed 2 devices, but not the one with Port 8081.

So, now its closed.

Roger
March 28, 2018, 07:31:29 AM #9
If you feel your issue is fixed, you can prepend [Solved] to the title of your first post :)
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member
Print
Go Up Pages1
User actions