Finished setting up ISPConfig purely for email and it works great! I was running through doing some maintenance today and decided to do a port scan. SMTP and IMAP ports are open but for some reason port 21 (FTP) is also open? File Server service is not enabled in ISPConfig, pure-ftpd has been disabled on the server itsself, my firewall blocks everything not explicity allowed, and I have even added a deny all rule for port 21. Yet it still shows up as open in an NMAP scan. It's not necessarily a danger since nothing is running on port 21 but has anyone got any ideas as to why port 21 is showing open when it shouldn't?
If nothing is running on port 21, then it can not be open. So either you made a mistake by checking if the port is open or you made a mistake by checking that nothing is running on that port. Run the ispconfig test script, it will show you if something is running on port 21 or not: https://forum.howtoforge.com/threads/please-read-before-posting.58408/
Hi Till, I completely agree with you and that test shows: [WARN] Port 21 (FTP server) seems NOT to be listening [WARN] Port 21 (FTP server) seems to be BLOCKED in firewall but my port scan is still showing it as open. Gotta be something to do with the software. I'll try another scanner. Thanks!
If the firewall blocks port 21 with target "reject" although FTP is not running, then what you are being reported is completely normal and intentional, because you have configured FTP and your firewall in this way.
It's set to deny. As mentioned I think it's something to do with the NMAP because I've tested from another device and it shows 21 as not open.
And there is no router in between the server and your Nmap scanner, which might cause port 21 to be rerouted to another system?
I'm not sure what deny means in your answer's context as it is a not a iptables jump target that I'm aware off, but I guess you mean "drop" in your case. And as you say, yes nmap could be the reason especially if the versions on your systems are different. Maybe it is a Nmap bug, but I've never seen such behaviour with nmap or heard anything like that, but that doesn't necessarily mean, that something like that couldn't exist. Another possibility could be routing, as Till mentioned, and that should be checked, especially if you know the firewall configuration is correct.
If you enable the firewall for a node within ISPC, by default a whole list of ports is opened. Disregarding completely if corresponding services are installed and/or running. The list includes every port necessary for a fullblown ISPC server install. Of course an opened port without an active service behind it won't do any harm but still ...
