Netgate Discussion Forum

Why Port 21 Shows Open

Firewalling
  • B
    blaytrail
    last edited by Aug 27, 2022, 7:52 PM

    When I perform a port scan on my public IP, it says port 21 is open. I think this may be a false positive, but I wanted to verify.

    My current setup is cable modem>pfsense appliance>bridged wireless router.

    Is there something in pfsense that could be broadcasting port 21? My firewall does block my scanning attempts.

    I don’t have any FTP servers running. Attached is the service I’m running.

    Thanks.

    • J
      johnpoz LAYER 8 Global Moderator @blaytrail
      last edited by Aug 27, 2022, 8:03 PM

      @blaytrail where exactly are you scanning from, outside of pfsense? Out of the box no ports are open to pfsense, not even ping.

      If you are outside pfsense, then your cable modem? If you're inside pfsense, are you running the ftp helper/proxy package?

      Simple validation that it's not pfsense, if you are actually outside, is to sniff on pfsense wan when you do the check - do you see any traffic to pfsense wan on 21, does pfsense answer, etc.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • B
        blaytrail
        last edited by Aug 27, 2022, 8:22 PM

        Thanks for the quick reply.

        I'm tethering from my iPhone to a laptop; this is a different network. I checked the pfSense firewall logs, and I can see my scan on port 21 is getting blocked. That is good news.

        I don't know how port 21 is being broadcast. I guess it could be coming from my cable provider's network.

        I'm using the advanced port scanner. I recently switched to unlimited tethering so I can do testing.

        • J
          johnpoz LAYER 8 Global Moderator @blaytrail
          last edited by johnpoz Aug 27, 2022, 9:42 PM Aug 27, 2022, 9:40 PM

          @blaytrail said in Why Port 21 Shows Open:

          port 21 is getting blocked.

          Well then how would it show open?

          What does it say exactly, filtered? closed? Open? I take it you're using nmap?

          Pfsense has no ftp server. If you did not forward it, and you show it blocked in pfsense.. I would try and ftp to it with an ftp client? Maybe you will get a banner or something giving you some info on what it is exactly.

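The open/closed/filtered distinction and the banner check raised in the reply above, as an added example that is not part of the thread or any poster's code: a Python TCP connect probe that reports the port state and any greeting the listener sends. The names `probe_tcp` and `demo_loopback`, and the loopback listener with its banner text, are constructed for illustration.

```python
import socket
import threading


def probe_tcp(host, port, timeout=3.0):
    """Return (state, banner); state is 'open', 'closed' or 'filtered'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A TCP RST came back: some device answered, but nothing is listening.
        return "closed", None
    except OSError:
        # Timeout or ICMP unreachable: the SYN was dropped or rejected en route.
        return "filtered", None
    with sock:
        # FTP servers greet first ("220 ..."), so a real listener identifies itself.
        try:
            banner = sock.recv(256).decode("ascii", "replace").strip()
        except OSError:
            banner = ""  # connected, but no greeting within the timeout
    return "open", banner or None


def demo_loopback():
    """Probe a constructed loopback listener, then the same port once closed."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # constructed test listener on a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def greet():
        conn, _ = srv.accept()
        conn.sendall(b"220 constructed-demo FTP ready\r\n")
        conn.close()

    worker = threading.Thread(target=greet, daemon=True)
    worker.start()
    listening = probe_tcp("127.0.0.1", port)
    worker.join()
    srv.close()
    closed = probe_tcp("127.0.0.1", port)
    return listening, closed


if __name__ == "__main__":
    print(demo_loopback())
```

Run from an outside network against your own public IP, a `closed` result means some device in the path answered with a reset, and a banner on an `open` result names whatever is actually listening.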
          • B
            blaytrail
            last edited by Aug 27, 2022, 11:27 PM

            I’m using “Advanced Port Scanner.” It’s the only port/service that shows up under my public IP. I will try nmap to see if I get the same thing.

            More to come.

            Thanks again for your time.

            • J
              johnpoz LAYER 8 Global Moderator @blaytrail
              last edited by johnpoz Aug 28, 2022, 2:01 AM Aug 28, 2022, 1:58 AM

              @blaytrail well, it doesn't even say anything; for all you know it's closed, and your modem sent back a reject.. Pretty useless info..

              Even shields up at grc.com is better than that..

              And you don't need to tether off your phone either.

              https://www.grc.com/shieldsup

              • B
                blaytrail
                last edited by Aug 28, 2022, 2:10 AM

                Thank you!! I passed using ShieldsUP!

                This is a great site.

                I guess it was a false positive. :)

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.