Hi I just recently got IPFire working and still need to learn a lot but this one has me a bit stuck. I have tried searching the the IPFIre fora and have not been able to find anything related to this.
I have a simple home setup with IPFIre on one laptop with its RED zone being wifi and connected to the home wifi router/modem and GREEN zone connected to one other laptop (my work laptop). The 2 laptops are connected with a direct Ethernet cable to each Ethernet port on each laptop.
When I do a Shieldsup scan on grc.com from my work laptop it tells me that all of the first 1056 TCP ports are Stealth except for port 22. It is open.
I am not an IT or networking guy, just a retired engineer and so I dont know much about all this, but I am trying to figure out why this port is showing open.
I am wondering the following and any input/help/additional info that I am missing or not understanding is much appreciated…
- Is grc.com a good site to do testing with? Maybe this is not considered good practice by anyone who know more than I do about firewalls and networking?
- Is there a better way to test?
- I run Linux on my work laptop and when I run “sudo firewall-cmd --list-all” it reports:
So both services and ports are blank and I believe this means port 22 is not open/active on my work laptop. Would this be correct?
I run grc.com Shieldsup in my browser on my work laptop but could it be that Shieldsup is reporting port 22 open because it is open not on my work laptop but it is open on my IPFire laptop or the wifi router/modem?
I went into my IPFire WUI and tried to find where I could maybe see anyting about open ports or close them - I found SSH Access under System and SSH Access is unchecked so I presume SSH access which I believe is port 22, is not running? Or is this on another port?
If I connect my work laptop directly to the home wifi modem/router and run Shieldsup I get the same result - all ports closed except port 22 is open. If port 22 on my work laptop is open then would/should IPFire not block it, since I believe the default policy is to block all incoming/input connections?
Sorry for the long winded post and possibly misinformed questions…
Thanks ahead of time…