Netgate Discussion Forum

    Why Port 21 Shows Open

    Firewalling
    7 Posts 2 Posters 1.1k Views
      blaytrail

      When I perform a port scan on my public IP, it says port 21 is open. I think this may be a false positive, but I wanted to verify.

      My current setup is cable modem>pfsense appliance>bridged wireless router.

      Is there something in pfsense that could be broadcasting port 21? My firewall does block my scanning attempts.

      I don’t have any FTP servers running. Attached is the service I’m running. [Attachment: pfsense installed services.png]

      Thanks.

        johnpoz LAYER 8 Global Moderator @blaytrail

        @blaytrail where exactly are you scanning from, outside of pfsense? Out of the box, no ports are open to pfsense, not even ping.

        If you are outside pfsense, then your cable modem? If you're inside pfsense, are you running the ftp helper/proxy package?

        Simple validation that it's not pfsense, if you are actually outside, is to sniff on pfsense wan when you do the check - do you see any traffic to pfsense wan on 21, does pfsense answer, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          blaytrail

          Thanks for the quick reply.

          I'm tethering from my iPhone to a laptop; this is a different network. I checked the pfSense firewall logs, and I can see my scan on port 21 is getting blocked. That is good news.

          I don't know how port 21 is being broadcast. I guess it could be coming from my cable provider's network.

          I'm using the advanced port scanner. I recently switched to unlimited tethering so I can do testing.

            johnpoz LAYER 8 Global Moderator @blaytrail

            @blaytrail said in Why Port 21 Shows Open:

            port 21 is getting blocked.

            Well then how would it show open?

            What does it say exactly, filtered? closed? Open? I take it you're using nmap?

            Pfsense has no ftp server. If you did not forward it, and you show it blocked in pfsense.. I would try and ftp to it with an ftp client? Maybe you will get a banner or something giving you some info on what it is exactly.

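The two checks discussed above (sniff on the pfSense WAN during the scan, and pin down whether the port is open, closed or filtered) can be combined by classifying the capture itself. This is an added example, not part of the thread or of pfSense: the capture lines are constructed, the addresses are documentation ranges, and `<wan_if>` is a placeholder for the WAN interface name.

```python
import re

# Capture on the pfSense WAN while the external scan runs, e.g. from a shell:
#   tcpdump -ni <wan_if> tcp port 21
# <wan_if> is a placeholder; paste the resulting text into wan_verdict().
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

MEANING = {
    "open": "SYN-ACK left the WAN: something behind or on pfSense answers",
    "closed": "RST left the WAN: port reachable but nothing listening",
    "filtered": "probe reached the WAN and was dropped silently",
    "not-seen": "probe never reached the WAN: the answer came from upstream",
}

def wan_verdict(capture_text, wan_ip, port=21):
    """Classify what the WAN interface did with TCP probes to wan_ip:port."""
    probe_seen = False
    for line in capture_text.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == wan_ip and int(dport) == port and flags == "S":
            probe_seen = True              # bare SYN from the scanner
        elif src == wan_ip and int(sport) == port:
            if "S" in flags:
                return "open"              # [S.] is a SYN-ACK reply
            if "R" in flags:
                return "closed"            # [R] or [R.] is a reset
    return "filtered" if probe_seen else "not-seen"

# Constructed sample captures (not real traffic).
WAN = "203.0.113.10"
DROPPED = """\
12:00:01.000001 IP 198.51.100.7.50123 > 203.0.113.10.21: Flags [S], seq 1000, win 65535, length 0
12:00:02.000300 IP 198.51.100.7.50123 > 203.0.113.10.21: Flags [S], seq 1000, win 65535, length 0
"""
RESET = """\
12:00:01.000001 IP 198.51.100.7.50124 > 203.0.113.10.21: Flags [S], seq 2000, win 65535, length 0
12:00:01.000090 IP 203.0.113.10.21 > 198.51.100.7.50124: Flags [R.], seq 0, ack 2001, win 0, length 0
"""

if __name__ == "__main__":
    for name, cap in (("dropped", DROPPED), ("reset", RESET), ("empty", "")):
        verdict = wan_verdict(cap, WAN)
        print(f"{name}: {verdict} ({MEANING[verdict]})")
```

A scanner that reports port 21 open while the capture yields `not-seen` or `filtered` is reporting a response that did not come from pfSense.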
              blaytrail

              I’m using “Advanced Port Scanner.” It’s the only port/service that shows up under my public IP. I will try nmap to see if I get the same thing.

              More to come.

              Thanks again for your time.

              Scanner Screen Shot.png

              Advanced Port Scanner.png

                johnpoz LAYER 8 Global Moderator @blaytrail

                @blaytrail well, it doesn't even say anything, for all you know it's closed, and your modem sent back a reject.. Pretty useless info..

                Even shields up at grc.com is better than that..

                And you don't need to tether off your phone either.

                https://www.grc.com/shieldsup

                  blaytrail

                  Thank you!! I passed using ShieldsUP!

                  This is a great site.

                  I guess it was a false positive. :)

                  Passed.png

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.