FTP 21 shows open but Telnet cannot connect

mdivk
Posts: 7
Joined: 2017/01/20 14:49:37

FTP 21 shows open but Telnet cannot connect

Postby mdivk » 2017/11/13 19:39:04

Hello

I have a new CentOS 7 on my VM; here is the port status:
nmap -sT -O localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-13 14:32 EST
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00031s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 985 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
88/tcp open kerberos-sec
111/tcp open rpcbind
464/tcp open kpasswd5
631/tcp open ipp
749/tcp open kerberos-adm
3306/tcp open mysql
6000/tcp open X11
8085/tcp open unknown
9010/tcp open sdr
9090/tcp open zeus-admin
10000/tcp open snet-sensor-mgmt
10002/tcp open documentum
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.9
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.16 seconds

So it looks to me that TCP port 21 is open. Then from my host I tried to connect to it with FileZilla over FTP, which failed; I tried Telnet on port 21, and the connection failed.

What is missing here? How can I enable port 21 for FTP purposes?

Thank you very much.

mghe
Posts: 628
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: FTP 21 shows open but Telnet cannot connect

Postby mghe » 2017/11/13 19:46:50

Firewall?

Try to nmap from another host.

TrevorH
Forum Moderator
Posts: 21158
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: FTP 21 shows open but Telnet cannot connect

Postby TrevorH » 2017/11/13 19:52:25

Also, scanning 127.0.0.1 doesn't tell you what's listening on external addresses, only what's listening on localhost.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

mdivk
Posts: 7
Joined: 2017/01/20 14:49:37

Re: FTP 21 shows open but Telnet cannot connect

Postby mdivk » 2017/11/13 20:06:13

Thank you guys for the replies.

My knowledge of networking is very limited; please enlighten me on how to enable port 21 so that I can do file sharing between host and guest.

Thanks.

mdivk
Posts: 7
Joined: 2017/01/20 14:49:37

Re: FTP 21 shows open but Telnet cannot connect

Postby mdivk » 2017/11/13 21:56:44

Solution found:

The easiest way is to switch from FTP to SFTP, and voila.

pjsr2
Posts: 189
Joined: 2014/03/27 20:11:07

Re: FTP 21 shows open but Telnet cannot connect

Postby pjsr2 » 2017/11/14 19:35:22

Both telnet and ftp are protocols that transfer passwords unencrypted when building up a connection and are therefore very, very insecure.
The replacement for telnet is ssh and the replacement for ftp is sftp or scp, and CentOS is configured for using ssh, sftp and scp.

mdivk
Posts: 7
Joined: 2017/01/20 14:49:37

Re: FTP 21 shows open but Telnet cannot connect

Postby mdivk » 2017/11/15 01:35:30

Thanks pjsr2

sidusnare
Posts: 10
Joined: 2017/11/15 18:19:49

Re: FTP 21 shows open but Telnet cannot connect

Postby sidusnare » 2017/11/17 20:11:17

Just a follow-up note: there is almost never a reason to run nmap on localhost. Most firewalls have accepting localhost traffic as one of the first few rules, so it will not give an indication of connectivity through the firewall, and will take longer to scan all the ports rather than just reading them out of the OS.

Two better commands are:

netstat -t -u -n -l -p

and

lsof -i -n

Both of these commands will list programs and their network connections. The lsof command will list established connections and open listening ports. The netstat command will only list listening ports; if you remove the -l option, netstat will list only connections.

Additionally, if a program is listening on 127.0.0.1 instead of 0.0.0.0, it will show on your localhost nmap, but never be available externally even without a firewall.

I recommend reading the man pages for netstat and lsof; it will give you some better insight into how some of these things work.
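
The distinction drawn in the last post between sockets bound to 127.0.0.1 and sockets bound to 0.0.0.0, as an added example that is not part of the original thread: a shell function that reads `netstat -t -n -l` output and labels each listening TCP port by its bind scope. The sample input is constructed (port numbers taken from the scan earlier in the thread, bind addresses invented), and the function names and scope labels are this example's own.

```shell
#!/bin/sh
# Added example: label listening TCP sockets by bind scope.
# Input: output of `netstat -t -n -l` (with or without -p) on stdin.
# Output: one line per listener: "<port> <bind-address> <scope>".
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Local address is column 4; the port follows the LAST colon,
            # which also handles IPv6 forms such as ":::21" and "::1:631".
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)

            if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback-only"      # never reachable from another host
            else if (addr == "0.0.0.0" || addr == "::")
                scope = "all-interfaces"     # reachable only if the firewall allows it
            else
                scope = "single-address"     # reachable via that one address

            printf "%s %s %s\n", port, addr, scope
        }
    '
}

# Constructed sample in netstat format (not captured from the poster's VM).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:3306         0.0.0.0:*               LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
EOF
}

# Demo on the constructed sample; on a live host use:
#   netstat -t -n -l | classify_listeners
sample_netstat | classify_listeners
```

A port labelled `all-interfaces` that still refuses connections from another machine points at the firewall rather than the service's bind address.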