Netgate Discussion Forum

Some ports show up as open?

  • B
    bob
    last edited by Sep 30, 2006, 6:22 PM

    Just did a scan from inside my network to my dyndns address (which is not really a perfect way but I don't have an external shell).

    Open are:

    21/tcp open ftp?
    53/tcp open domain ISC Bind dnsmsq-2.22
    80/tcp open http (this one is ok since it's my webserver in the DMZ)
    443/tcp open ssl/http

    Why are these other three ports open? Is the admin portion of pfSense open from the outside?

    • S
      sullrich
      last edited by Sep 30, 2006, 6:56 PM

      You really should scan from external.  Half of these items are actually redirects from the lan and back.

      • G
        Gertjan
        last edited by Sep 30, 2006, 7:41 PM

        The best : http://grc.com !!

        Go to the test right here: https://www.grc.com/x/ne.dll?bh0bkyd2 : click Proceed and do an All Service port scan.

        You'll have all the answers right away.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • H
          hoba
          last edited by Sep 30, 2006, 8:34 PM

          21 is the ftp proxy
          53 is the dns forwarder
          80 is your nat reflection as you said
          443 is most likely the webgui (running it as https?)

          It's ok if these appear open from the inside but they will show up blocked from external (besides the port 80).

          • J
            jakehathaway
            last edited by Jan 24, 2007, 7:42 PM

            My port 21 shows up as open also from the outside even though it isn't. I also have tried checking and unchecking the ftp userland proxy in the interface and it doesn't seem to change it.
            I would really like port 21 to not show open.

            • S
              sullrich
              last edited by Jan 24, 2007, 8:30 PM

              Be sure to not test this from behind a pfSense firewall. It will redirect outgoing requests to port 21, which will falsely make it look like the destination IP 21 is open, but it's not.

              • H
                hoba
                last edited by Jan 24, 2007, 9:24 PM

                Btw, if you scan this from behind another pfsense that has the ftp proxy enabled at LAN you see ftp open on ANY site you scan. This is due to the way that the ftphelper works.

                • J
                  jakehathaway
                  last edited by Jan 26, 2007, 8:28 PM

                  Cool, you were right on this one. I checked from home and it was ok. I was checking from my secondary location… but I use pfsense there also. Thanks for the reminder.

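The false positive described in the replies above (port 21 appearing open on any destination when scanning from behind a firewall with the FTP proxy enabled) can be checked for from the scanning side. The sketch below is an added example, not code from the thread or from pfSense: it probes the same port on a reserved documentation address (192.0.2.1, an assumption chosen because no real host should answer there) and treats a successful connect as a sign that something local is answering. All function names and the fake probe are constructed for illustration.

```python
import socket

# Assumption: 192.0.2.1 lies in TEST-NET-1 (RFC 5737), reserved for documentation,
# so no real host should ever complete a TCP handshake from that address.
CONTROL_ADDR = "192.0.2.1"


def tcp_connects(host, port, timeout=3.0):
    """Return True if a full TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, DNS failure
        return False


def classify_port(target, port, probe=tcp_connects, control=CONTROL_ADDR):
    """Classify a port as 'closed', 'open' or 'intercepted'.

    'intercepted' means the result says nothing about the target: rescan
    from a network that is not behind the proxying firewall.
    """
    if not probe(target, port):
        return "closed"
    # If the control address also "answers", a device on our own path
    # (for example an FTP proxy on the local firewall) accepted the connection.
    if probe(control, port):
        return "intercepted"
    return "open"


def scan(target, ports, probe=tcp_connects):
    """Map each port to its classification."""
    return {port: classify_port(target, port, probe) for port in ports}


def fake_probe_behind_ftp_proxy(host, port):
    """Constructed stand-in for a LAN behind a firewall with the FTP proxy on:
    port 21 connects for every destination, port 80 only on the real target."""
    return port == 21 or (host == "www.example.com" and port == 80)


if __name__ == "__main__":
    # Runs offline against the constructed probe; drop the third argument
    # to use real sockets against a host you administer.
    print(scan("www.example.com", [21, 80, 8080], fake_probe_behind_ftp_proxy))
```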
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.