Port 21 is accessible but it should be closed?

  • Hi!

    I ran Nmap on one of my LAN-computers and it discovered that port 21 is open on my pfsense (version 1.2.1). To verify this I also tried to telnet to on port 21 and I got a blank response. But the thing is that I don't have port 21 open in pfsense. If I do a port scan from the internet it says that port 21 is closed as it should be, but why is it then open in my LAN? Is there any service in pfsense that uses port 21 as default?

    1. Port 21 on LAN interface is not the same as port 21 on WAN interface.

    2. It is open on LAN interface because of the ftp-helper, if you really want to close the port you can turn off the helper at:
      Interfaces->LAN->"Disable the userland FTP-Proxy application",
      but doing so will break outbound ftp unless you configure firewall rules yourself for outbound ftp.

Log in to reply