Open ports and security question

I started using pfsense like 8 month or so. I am using haproxy and ACME cert to access certain items on web like jellyfin and accounting for my business and nextcloud. I also use openVPN from pfsense.
I don’t have anything else.

Is there a way to know what ports are open from outside to any of VM running on my proxmox or standalone truenas?

I found this tool and I saw these options. I selected WAN as source and hostname is ip of one of my VM and port is 80 as I use main ip to access certain services.

How do I check any if there is port which is open from outside as there are 65535 possible port and don’t have time to check all. Or am I doing this all wrong.

By default pfsense keeps all WAN ports closed unless you create a firewall rule to open them.

I understand that but after tinkering, How would we check if we accidentally opened some ports?
Here is screenshot of rules and NAT. as far as I understood firewall, nothing is exposed as of now. I am just home lab user just want to understand how to check if something is open from outside.

You could spin up an external Linux server in a cloud service and use NMAP to scan your system. Also, it looks odd that you are not just forwarding port 80 & 443 but a range of ports. Not sure if that is something you intended to do.

It isn’t even active rule. It is grayed out. I was using ngnix before seeing your video. Now I use HAproxy and ACME cert from pfsense for reverse proxy for some of my services. So disabled those rules.

I just opened that setting to see what it says. God man, I am glad I show your video and moved everything to pfsense as reverse proxy. It is range of port. I thought it is directing 443 to 4443 but it is whole range of ports from 443 to 4443.

I had ngnix on port 4443 on my docker so I assumed that it will forward 443 from WAN to that ip on ngnix docker with port 4443.

This is how it looks if I open:

Thanks for making me look into that. At least for future understanding.

Edit: I don’t think you have any video on nmap for home user to see if what is open from outside, do you? If not, it will be good video as you teach more into detail on how to do anything network related.

Hackerspolit has a video on NMAP