FTP on pfSense
-
I did a port scan on my pfSense box and noticed that ftp was open, when i ftp'd to it is say Checkpoint - 1 firewall ftp server login prompt. Is this normal or do i need to reinstlall my pfSense box?
-
You need to close the port. Its possible if you have uPNP going that something opened the port automagically and its also possible you did by accident or that you were hacked. Not sure why its open or why something is listening on it.
Never seen that before
Checkpoint is also a type of router.
http://www.checkpoint.com/
Anyway… I'd be concerned if I had services running I didn't set up.
-
Thanks for the fast reply…... : ;)
Do you know how to go about closing port 21?
-
all inbound ports would be blocked by default.. So unless you opened up the rule there would BE nothing open on a default box. Did you enable UPnP?
Is you pfsense behind a nat already.. Maybe the port is before it even hits pfsense.
Where are you scanning from - outside? And how did you try to connect, from outside pfsense as well?
-
I do have uPNP open for Xbox traffic. I did a nmap scan from outside and tried to connect from outside as well.
-
here is my scan results.
Starting Nmap 5.21 ( http://nmap.org ) at 2013-08-01 10:59 CDT
Nmap scan report for
Host is up (0.061s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open httpshere is ftp session:
root@jguard-ubuntuX64:/home/jguard# ftp
Connected to
220 Check Point FireWall-1 Secure FTP server running on fw_1
Name (:jguard): -
-
I have created a rule to block all traffic to port 21 but i still see it when i scan. Strange! ???
-
uPNP is disabled and still port 21 shows up in the scans. Looks like a fresh install in needed.
-
And again is there anything in front of your pfsense – say a checkpoint firewall ;)
You sure your even checking the correct IP ;)
So when you hit 80 or 443 you get the services your running on those ports?
-
I have my IP phone gateway and DSL modem in front of the Firewall.
It is the correct IP.
When I connect 80 and 443 I do see the services that should be on them.
Guess I should check with Speakeasy to see if their modem or IP gateway have checkpoint. DOH!!!!!!!!
-
When they ask you is there anything in front of pfsense, what they mean is how is pfsense connected?
Directly to a modem with only 1 port available or is it plugged into something with 2,3,4 or 5 ports on it?
Easy way to tell is look at your ip in upper right of pfsense status screen. What is it?
-
It is connected directly to a modem with only 1 port.
I see the static IP from my provider.
-
It is connected directly to a modem with only 1 port.
And the IP phone gateway is hanging in the air? ???
-
" DSL modem in front "
Yeah that is RARELY the case that is a "modem" – what is normally is a GATEWAY, ie its doing NAT.
So what IP address does it show you on pfsense -- is it a public one, or private 10.x.x.x, 192.168.x.x or 172.16-31.x.x
Its its PRIVATE -- then your behind a NAT, and its quite possible that NAT devices is listening on 21 not pfsense or anything behind pfsense.
Did you setup any forwards for your 80 and 443 services on your "modem"???
I have not seen a pure dsl/adsl "modem" in years and years - they are always out of the box a gateway. They might be able to turn on bridge mode and turn them into a "modem" But out of the box they are always gateways.
this is even becoming common with cable - where they give you a gateway vs a modem, and its doing nat.
-
I am going to try and do a scan from my network when I get home to see if I see it from behind the firewall. Will post later after I have done this, thanks everyone for your help with this matter. :)
-
Ahhhhhh the adventure of learning. Well, at one point we were all there.
