PfSense keeps Port 21 open??



  • I recently scanned my external IP to find that port 21 was open on my firewall. The only rule I have under my firewall tab is 443 for SSL.

    Any ideas why port 21 would be open? This is on latest 2.2.6-latest.



  • What extra packages if any do you have installed/running?  Do you have ftp/tftp proxy enabled?



  • Another thought: Do you have a router running in front of your firewall? Could this have an open port somewhere?


  • LAYER 8 Global Moderator

    So unless you forwarded ftp, there is no ftp service running on pfsense so it would be impossible for that port to be open..  I would have to check if the ftp proxy package would do that, I doubt it since it's for clients…  I would think you would know if you installed that and set it up??

    More than likely it's some router in front of pfsense.

    edit
    I just installed the ftp/proxy package.. And it does not enable 21 on wan that is for sure..

    edit2
    Ok if you were stupid enough to highlight your WAN interface in the ftp/proxy setup - then yeah 21 would show open on a scan from outside..  Why would anyone do that???




  • No extra packages, and no FTP. Although I'm considering snort or suricata now.

    I'm not running a router in front of the firewall.

    Comcast -> Modem -> Firewall -> Server (router) -> Switch -> LAN

    Lol, this is really weird - running Nmap off of pentest-tools.com doesn't show ftp as being open. Running Nmap off of my laptop tethered to my cellphone (not on the same network) still displays 21 open.

    With the Mac ftp client, I can open a connection to my IP address:

    ftp> o
    (to) xxx
    Connected to xxx.
    
    421 Service not available, remote server timed out. Connection closed. 
    

    With FileZilla it says:

    
    Status:      	Connecting to xxx:21...
    Status:      	Connection established, waiting for welcome message...
    Error:        	Connection timed out after 20 seconds of inactivity
    Error:        	Could not connect to server
    Status:      	Waiting to retry...
    

    Any ideas?
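Not part of the thread: an added Python probe that reproduces what the ftp and FileZilla sessions above observed, separating a port that merely completes the TCP handshake from one where a service actually sends a greeting. The listener it starts is a constructed local stand-in so the check runs offline; point probe_port at a real host to compare vantage points.

```python
import socket
import threading


def probe_port(host, port, timeout=5.0):
    """Classify what a TCP client sees on host:port. Returns (state, banner) where
    state is: 'filtered' (no reply, the ShieldsUP-style stealth case), 'closed' (RST),
    'open-no-banner' (handshake done but nothing sent, which is what the ftp and
    FileZilla sessions above showed) or 'open-banner' (a real service greeted us)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except socket.timeout:
            return "filtered", ""
        except ConnectionRefusedError:
            return "closed", ""
        try:
            data = s.recv(256)
        except socket.timeout:
            return "open-no-banner", ""
    if not data:
        return "open-no-banner", ""  # peer closed without saying anything
    return "open-banner", data.decode("ascii", "replace").strip()


def start_fake_listener(banner=None):
    """Constructed local stand-in (not pfSense): accepts one connection on 127.0.0.1
    and either sends `banner` or stays silent, then waits for the client to hang up.
    Returns the ephemeral port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner:
                conn.sendall(banner)
            try:
                conn.recv(1)  # blocks until the probing client closes
            except OSError:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port
```

A silent listener yields 'open-no-banner', which is the "Connected ... 421 / timed out" symptom; a scanner reporting 21 "open" from one network but not another usually means something between that scanner and the firewall answered the handshake, not that pfSense did.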



  • If you try the ShieldsUP site (www.grc.com), what does it tell you? This sounds like a 'herring-rouge' to me if you're getting conflicting reports from different sources.



  • @muswellhillbilly:

    If you try the ShieldsUP site (www.grc.com), what does it tell you? This sounds like a 'herring-rouge' to me if you're getting conflicting reports from different sources.

    Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests.



  • @IonutZ:

    Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests.

    There you are then!



  • Alright sir, I won't worry about it then. Thanks for the help everyone.

