How to close Port 21 on RT-N56U

anontemp123

Occasional Visitor
I port scanned my router from the WAN side and can see port 21 is accepting connections. When I connect with FTP, I don't get a prompt for username/password and the connection just times out after a while, so that's good. However, I would like for the router to never accept connections on port 21 to begin with. Does anyone know why port 21 is alive in this odd way and if there's any method to completely disable port 21?
 
Why don't you buy a managed switch? You could set up your VLANs. It seems that your router broadcast is coming from another machine. Research it!!
 
I have no idea what any of that means, but I will read about those terms. I just want to block port 21, that's all.

Edit: You are most correct, I can FTP to any IP address and it will connect. I don't understand how or why this is happening. Google isn't helping so far. If anyone could provide some better search terms, I would very much appreciate it. I've tried lots of permutations like "Port 21 Router Broadcast" and can't find anything that would help me.
 
This should not happen with the ASUS routers, the firmware defaults to stealth on all ports.
Run this test: https://www.grc.com/x/ne.dll?bh0bkyd2 and select All Service Ports

Do you have SSH enabled under Administration > System?
Also check for any port forwarding rules under WAN > Virtual Server / Port Forwarding
 
Asus opens port 21 to the WAN by default, because they mostly intend FTP to be used from the WAN rather than the LAN.

I added an option to my firmware that allows one to start FTP but restrict its access to the LAN.
 
I found some info after searching "how to find which machine is broadcasting".

I was testing the router on my private LAN before putting it in production, so that's why I was getting this "issue". If I connect it straight to the outside world, the Gibson test shows everything is A-okay.

I never knew an FTP server could broadcast that way. I always thought broadcast was over UDP, not TCP, but looks like I need to relearn some concepts. Either the DD-WRT router I was behind is doing something odd, or it's the Amazon FireTV box.
 
I never knew an FTP server could broadcast that way.
It doesn't. red_pope must have thought he was replying to some other post as his comment has absolutely nothing to do with your question.

RMerlin has given you the correct answer.
 
I am getting very odd behavior on my LAN, though. If I FTP to (telnet to port 21) any IP address, it will connect, and then disconnect.

This is behind a DD-WRT router, though, so not relevant here.
 
You'll have to provide more information about your setup, ftp client and OS. Also provide a screen shot of the command and responses.
 
Thanks for the offer to diagnose, ColinTaylor. Fortunately, I was able to figure it out on my own. The issue was with my Windows PC, not any router configuration. Specifically, ALG.exe (Application Layer Gateway Service) -- which is a part of Windows Firewall -- was intercepting traffic on port 21. Disabling that service or turning off all of Windows Firewall/ICS (via net stop SharedAccess if you like the command line) resolved the issue.

Using NirSoft's CurrPorts (I like it a bit better than Sysinternals's TCPView), I got the following log which alerted me to the cause:

8/11/2015 11:05:27 AM Added alg.exe TCP 192.168.1.232:2643 192.168.0.7:21
8/11/2015 11:05:27 AM Added alg.exe TCP 127.0.0.1:1032 192.168.1.232:2641
8/11/2015 11:05:27 AM Added telnet.exe TCP 192.168.1.232:2641 192.168.0.7:21

I found some mention of this here, too.
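
An added example, not part of the original post: a short Python check that reads connection-log lines in the layout pasted above and flags a process that sits on the far end of another process's socket, which is how alg.exe shows up here. The line layout, the function names and the firefox.exe control line are assumptions made for this example.

```python
import re
from collections import namedtuple

Conn = namedtuple("Conn", "process proto local remote")

# First three lines are the CurrPorts log quoted in the post above; the
# firefox.exe line is constructed here as an unrelated control entry.
SAMPLE_LOG = """\
8/11/2015 11:05:27 AM Added alg.exe TCP 192.168.1.232:2643 192.168.0.7:21
8/11/2015 11:05:27 AM Added alg.exe TCP 127.0.0.1:1032 192.168.1.232:2641
8/11/2015 11:05:27 AM Added telnet.exe TCP 192.168.1.232:2641 192.168.0.7:21
8/11/2015 11:06:02 AM Added firefox.exe TCP 192.168.1.232:2650 192.168.0.1:80
"""

# Assumed line layout: date, time, AM/PM, "Added", process, protocol, local, remote.
LINE_RE = re.compile(
    r"^\S+ \S+ (?:AM|PM) Added (?P<process>\S+) (?P<proto>TCP|UDP) "
    r"(?P<local>\S+:\d+) (?P<remote>\S+:\d+)$"
)

def parse_log(text):
    """Return a Conn for every 'Added' line; skip lines that do not match."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            conns.append(Conn(**m.groupdict()))
    return conns

def find_interceptors(conns):
    """Flag a process that holds the far end of another process's socket.

    Returns (client, interceptor, intended_remote, relayed) tuples, where
    relayed is True if the interceptor also opened its own connection to the
    remote endpoint the client was trying to reach.
    """
    findings = []
    for client in conns:
        for peer in conns:
            if peer.process == client.process or peer.remote != client.local:
                continue
            relayed = any(c.process == peer.process and c.remote == client.remote
                          for c in conns)
            findings.append((client.process, peer.process, client.remote, relayed))
    return findings

if __name__ == "__main__":
    for client, proxy, remote, relayed in find_interceptors(parse_log(SAMPLE_LOG)):
        print(f"{client} -> {remote} is terminated locally by {proxy} (relayed={relayed})")
```

In the quoted log, telnet.exe's socket is paired with alg.exe's loopback socket, so the client's connection is accepted on the local machine before alg.exe opens its own connection to port 21.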
 
anontemp123 said

The issue was with my Windows PC, not any router configuration. Specifically, ALG.exe (Application Layer Gateway Service) -- which is a part of Windows Firewall -- was intercepting traffic on port 21.

After all, my estimate was close enough.
 
It doesn't. red_pope must have thought he was replying to some other post as his comment has absolutely nothing to do with your question.

RMerlin has given you the correct answer.

ColinTaylor

Red_pope said:
It seems that your router broadcast is coming from another machine.

I was right... but you are the guru, not me. So let's leave it alone.

In my opinion, Windows OSes are notorious for broadcasting requests, not listening quietly or shutting down the port when not being used. Other OSes such as GNU/Linux do shut down the port after being used.
 
Why don't you buy a managed switch? You could set up your VLANs. It seems that your router broadcast is coming from another machine. Research it!!
I'm sorry if I have offended you red_pope but I genuinely thought you were replying to another question.

The reason for that was;
a) you talk about VLANs which the OP never mentioned,
b) you talk about "your router broadcast" which the OP never mentioned. (FTP does not broadcast any traffic, it listens on port 21 and responds to an individual host. It is therefore unicast.)

Best wishes.
 
I'm sorry if I have offended you red_pope but I genuinely thought you were replying to another question.

The reason for that was;
a) you talk about VLANs which the OP never mentioned,
b) you talk about "your router broadcast" which the OP never mentioned. (FTP does not broadcast any traffic, it listens on port 21 and responds to an individual host. It is therefore unicast.)

Best wishes.

It's all good! No broken heart issues... Let's move on!
 
