Seckin_149390
Jun 26, 2014

HTTP Virtual Server Listens on FTP Port 21

Hi,

One customer told me our HTTP virtual server listens on FTP port 21. Is that possible? Also, they are using version 11.4.1 Hotfix 3.

Regards.

8 Replies

  • It is definitely possible to have an HTTP server or VIP listening on non-standard ports, but it would have to be defined to do so. How do you have the VIP configured? Do you have ANY port 21 VIPs?

  • Hi,

    Actually, there is a port 21 virtual server along with HTTP and SMTP virtual servers.

    Also, all virtual servers listen on port 21, not just the HTTP virtual servers.

    We created a new HTTP virtual server and the issue is the same.

    Regards.

  • "Also, all virtual servers listen port 21. Not just http virtual servers."

    Can you elaborate on this?

  • Hi,

    There are different kinds of virtual servers defined, such as HTTP (80), SMTP (25) and FTP. All of them listen on port 21 (the FTP virtual server is expected to, but the others are not).

    I have tried it in my own test environment, but my HTTP VS does not listen on FTP port 21. Also, at the customer we tried to create a different HTTP VS, but the result is the same.

  • I guess the part I'm getting stuck on is this:

    "All of them listens port 21"

    You have virtual servers defined to listen on specific ports, like 80 and 25, yes? If so, then how are they also listening on port 21?

  • Hi Kevin,

    This is the issue. I wonder whether anyone has faced an issue like that before?

    In my test environment there is no problem and my HTTP VS only listens for port 80 requests. But the customer told me their security team realized that all VSs on the BIG-IP listen on port 21.

    Regards.

  • Unless you've specifically defined a port 21 listener for a given destination address, this is not possible. I would do the following:

    1. Test what the security team is claiming, and run a tcpdump capture to see what that traffic looks like.

    2. Ask the security team what it defines as "listening" (actively establishing a connection on port 21 and potentially passing traffic? Not explicitly rejecting or dropping port 21 requests?).

    3. Review your environment for ANY port 21 listeners (using the same VIP address? A wildcard address?).
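Step 3 of the reply above is the one a script helps with. The POSIX shell script below is an added example (not from this thread or from F5): it parses `tmsh list ltm virtual one-line` output and flags every virtual server whose destination port is 21 (or the `ftp` service name) or the wildcard port `0`/`any`, and marks wildcard addresses, since a `0.0.0.0:any` listener answers on every address the unit owns, which is exactly what "all virtual servers listen on port 21" looks like from a port scan. The sample tmsh output, virtual server names, addresses and pool names are constructed.

```shell
#!/bin/sh
# Added example: find LTM virtual servers that could answer on TCP/21.
# Constructed sample of `tmsh list ltm virtual one-line` output; the names,
# addresses and pools are made up. On a real BIG-IP run instead:
#   tmsh list ltm virtual one-line | find_port21_listeners
SAMPLE_TMSH='ltm virtual vs_http { destination /Common/10.1.1.10:80 ip-protocol tcp pool pool_http }
ltm virtual vs_smtp { destination /Common/10.1.1.10:25 ip-protocol tcp pool pool_smtp }
ltm virtual vs_ftp { destination /Common/10.1.1.11:ftp ip-protocol tcp pool pool_ftp }
ltm virtual vs_catchall { destination /Common/0.0.0.0:any ip-protocol any pool pool_fwd }'

# Reads one-line tmsh output on stdin and prints "<name> <destination> <reason>"
# for every virtual server whose destination port is 21 (or the "ftp" service
# name) or the wildcard port 0/any, which accepts every port including 21.
# A wildcard address (0.0.0.0 or ::) is reported too, because such a listener
# answers on every address the unit owns.
find_port21_listeners() {
    awk '
    $1 == "ltm" && $2 == "virtual" {
        name = $3; dest = ""
        for (i = 4; i <= NF; i++) if ($i == "destination") dest = $(i + 1)
        # IPv4 destinations look like addr:port; IPv6 ones use addr.port
        if (split(dest, c, ":") == 2) port = c[2]
        else { n = split(dest, d, "."); port = d[n] }
        addr = substr(dest, 1, length(dest) - length(port) - 1)
        reason = ""
        if (port == "21" || port == "ftp") reason = "explicit-port-21"
        else if (port == "0" || port == "any") reason = "wildcard-port"
        if (reason != "" && addr ~ /(^|\/)(0\.0\.0\.0|::)$/) reason = reason "+wildcard-address"
        if (reason != "") print name, dest, reason
    }'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_TMSH" | find_port21_listeners
```

Any virtual server reported with a wildcard port or wildcard address is the first place to look when explaining why a scan of unrelated VIP addresses shows port 21 open.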