PfSense keeps Port 21 open??
-
If you try the ShieldsUP site (www.grc.com), what does it tell you? This sounds like a 'herring-rouge' to me if you're getting conflicting reports from different sources.
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests.
-
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests.
There you are then!
-
Alright sir, I won't worry about it then. Thanks for the help everyone.
-
I see the same thing, I think the ONT modem has FTP open because it’s closed on the WAN on the firewall.
-
@muswellhillbilly said in PfSense keeps Port 21 open??:
www.grc.com
GRC Port Authority Report created on UTC: 2024-07-11 at 06:47:55
Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 119, 135, 139, 143, 389, 443, 445, 1002, 1024-1030, 1720, 5000
0 Ports Open
22 Ports Closed
4 Ports Stealth
---------------------
26 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be STEALTH were: 0, 135, 139, 445
Other than what is listed above, all ports are CLOSED.
TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.
-
I show this on WAN side
Blocked everything, nothing is open.
-
But mine said failed
-
That's your "ISP device", the one with the ONT. Ports should be stealth ... dunno why it actively says 'closed', which means: it was listening. For what?
So 'they' can keep an eye on you ^^ But you don't care, your pfSense WAN is locked. Normally, only something like an OpenVPN port 1194 UDP should be open.
True, it's now possible to stuff a major doss app into your own local ONT device, and fully focus on your (pfSense) WAN IP without disturbing everybody else. It's probably not useful to ditch this ISP, as other ISP devices don't have ports open, but apps in the device will 'call home' for their updates and other 'control'.
The best way out: get a Netgate router with a 'FTP' ONT slot, slide in the FTP adapter that is compatible with the Netgate device and your fiber link.
And if possible, open only IPv6 ports. grc.com won't see any fire or smoke, and you feel safe now ^^
Mine went all green decades ago :
-
@Gertjan I know I pay for a static IP and I set OpenVPN port to a timer; like a door, it closes at night on a schedule. I like Consolidated, never had issues beyond the one-off weird bill items when transferring services, but they even fixed that with my tantrum. I am sure they have the fiber modem accessible for their team; I am just confused as to why on my Zenmap it shows wide open and not stealth mode. Anyone that doesn't use schedules for VPN ports should think about doing that. If you're not using your VPN at 3am, turn it off, right?
-
It is the modem. I disconnected everything and ran the test again: same ports, same issue. That is ISP stuff, not my concern; my stuff is protected. I got the 2100, it has the stp ports. Again, Consolidated wants that modem; I am just gonna leave it how they have it.
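-
Added example, not part of any post in this thread: a small Python parser for the GRC Port Authority report quoted above (line breaks restored) that assigns each tested port its reported state and cross-checks the summary counts. The function names and the "Ports found to be OPEN were:" label are assumptions; the thread's report lists no open ports.

```python
import re

# Report text from the thread (line breaks restored), used as sample input.
REPORT = """GRC Port Authority Report created on UTC: 2024-07-11 at 06:47:55
Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 119, 135, 139, 143, 389, 443, 445, 1002, 1024-1030, 1720, 5000
0 Ports Open
22 Ports Closed
4 Ports Stealth
26 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be STEALTH were: 0, 135, 139, 445
Other than what is listed above, all ports are CLOSED.
TruStealth: FAILED"""

def expand(spec):
    """Turn '0, 21-23, 25' into {0, 21, 22, 23, 25}."""
    ports = set()
    for item in re.findall(r"\d+(?:-\d+)?", spec):
        lo, _, hi = item.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def listed(report, label):
    """Ports named on the line containing label; empty set if absent."""
    m = re.search(re.escape(label) + r"([^\n]*)", report)
    return expand(m.group(1)) if m else set()

def classify(report):
    """Map every tested port to 'open', 'closed' or 'stealth'."""
    # GRC terms: open = accepted, closed = replied but refused, stealth = no reply.
    state = {p: "closed" for p in listed(report, "Results from scan of ports:")}
    for p in listed(report, "Ports found to be STEALTH were:"):
        state[p] = "stealth"
    # Assumed label for reports that do list open ports (none in this one).
    for p in listed(report, "Ports found to be OPEN were:"):
        state[p] = "open"
    return state

def counts(report):
    """Return (derived, claimed) per-state totals so they can be compared."""
    state = classify(report)
    derived = {s: list(state.values()).count(s) for s in ("open", "closed", "stealth")}
    claimed = {s: int(re.search(rf"(\d+) Ports {s.capitalize()}", report).group(1))
               for s in derived}
    return derived, claimed

if __name__ == "__main__":
    state = classify(REPORT)
    derived, claimed = counts(REPORT)
    print("port 21:", state[21], "| counts consistent:", derived == claimed)
    print("ports that replied:", sorted(p for p, s in state.items() if s != "stealth"))
```

For this report, port 21 comes out as closed rather than open, and the 22 ports that replied are the reason the TruStealth line reads FAILED.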