FTP on pfSense
-
Here are my scan results.
Starting Nmap 5.21 ( http://nmap.org ) at 2013-08-01 10:59 CDT
Nmap scan report for
Host is up (0.061s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https
Here is the ftp session:
root@jguard-ubuntuX64:/home/jguard# ftp
Connected to
220 Check Point FireWall-1 Secure FTP server running on fw_1
Name (:jguard): -
-
I have created a rule to block all traffic to port 21 but I still see it when I scan. Strange! ???
-
UPnP is disabled and still port 21 shows up in the scans. Looks like a fresh install is needed.
-
And again, is there anything in front of your pfsense – say a checkpoint firewall ;)
You sure you're even checking the correct IP ;)
So when you hit 80 or 443 you get the services you're running on those ports?
-
I have my IP phone gateway and DSL modem in front of the Firewall.
It is the correct IP.
When I connect 80 and 443 I do see the services that should be on them.
Guess I should check with Speakeasy to see if their modem or IP gateway has checkpoint. DOH!!!!!!!!
-
When they ask you whether there is anything in front of pfsense, what they mean is: how is pfsense connected?
Directly to a modem with only 1 port available, or is it plugged into something with 2, 3, 4 or 5 ports on it?
An easy way to tell is to look at your IP in the upper right of the pfsense status screen. What is it?
-
It is connected directly to a modem with only 1 port.
I see the static IP from my provider.
-
It is connected directly to a modem with only 1 port.
And the IP phone gateway is hanging in the air? ???
-
" DSL modem in front "
Yeah, it is RARELY the case that it is a "modem" – what it normally is is a GATEWAY, i.e. it's doing NAT.
So what IP address does it show you on pfsense -- is it a public one, or private 10.x.x.x, 192.168.x.x or 172.16-31.x.x?
If it's PRIVATE -- then you're behind a NAT, and it's quite possible that NAT device is listening on 21, not pfsense or anything behind pfsense.
Did you set up any forwards for your 80 and 443 services on your "modem"???
I have not seen a pure dsl/adsl "modem" in years and years - they are always a gateway out of the box. They might be able to turn on bridge mode and turn them into a "modem", but out of the box they are always gateways.
This is even becoming common with cable - where they give you a gateway vs a modem, and it's doing NAT.
-
I am going to try and do a scan from my network when I get home to see if I see it from behind the firewall. Will post later after I have done this, thanks everyone for your help with this matter. :)
-
Ahhhhhh the adventure of learning. Well, at one point we were all there.