File transfer, unencrypted. Insecure — use SFTP (22) or FTPS. Standard TCP port, used by the FTP service.
Free online tool — ping & port checker: instant results, no signup.
Port 21 is reserved by IANA for the FTP service. File transfer, unencrypted. Insecure — use SFTP (22) or FTPS.
To find out if port 21 is open on your host (or a third-party's — for diagnostics), use our port checker. Enter a domain and a port number — results arrive in 1-2 seconds.
An open port is a potential attack vector. General rules:
File Transfer Protocol (FTP) operates primarily over TCP port 21 and is designed for transferring files between a client and a server. It facilitates the upload and download of files, enabling users to manage their files remotely. FTP uses a client-server architecture where the client initiates a connection to the server to perform file operations.
FTP operates in two modes: active and passive. In active mode, the client opens a random port and informs the server to connect back to this port for data transfer. Conversely, in passive mode, the server opens a random port and the client connects to it for data transfer, which is often preferred in firewall configurations. Here’s a quick breakdown of the two modes:
Due to its unencrypted nature, FTP is generally considered insecure for transferring sensitive data. Therefore, secure alternatives like SFTP (SSH File Transfer Protocol) or FTPS (FTP Secure) are recommended for sensitive file transfers.
To check if port 21 is open and accessible on your server, you can use various methods depending on your operating system. Here are practical steps for both Windows and Linux environments.
For Windows:
telnet yourserver.com 21If the connection is successful, you’ll see a message indicating that you are connected to the FTP server. If the port is closed or filtered, you will receive an error message.
For Linux:
nc -zv yourserver.com 21The output will indicate whether the port is open or closed. If you see 'succeeded', the port is accessible. If it says 'failed', the port is not open.
Additionally, you can use nmap, a powerful network scanning tool, to check the status of port 21:
nmap -p 21 yourserver.comThis command will scan port 21 specifically and provide detailed information about its status. Regularly checking your port status can help maintain your server's security and functionality.
Configuring an FTP server involves several steps to ensure proper functionality and security. Below, we outline the basic configuration for an FTP server using vsftpd, a popular FTP server for Unix-like systems.
Installation: First, ensure that vsftpd is installed. On a Debian-based system, you can install it with:
sudo apt-get update && sudo apt-get install vsftpdBasic Configuration: After installation, you need to edit the vsftpd configuration file, typically located at /etc/vsftpd.conf. Open the file in your preferred text editor:
sudo nano /etc/vsftpd.confHere are some essential configuration directives you may want to include:
listen=YES - Enables the FTP service to listen for incoming connections.anonymous_enable=NO - Disables anonymous login for security.local_enable=YES - Allows local users to log in.write_enable=YES - Grants write permissions to users.chroot_local_user=YES - Restricts users to their home directories for security.After making these changes, save the file and restart the vsftpd service to apply the new configuration:
sudo systemctl restart vsftpdTo ensure that the FTP service starts on boot, use:
sudo systemctl enable vsftpdBy following these steps, you can effectively configure an FTP server on your system. Remember to regularly update your server and configurations to maintain security and functionality.
Every open port is an attacker's entry point. If the service is not used (or uses a different port), close it to minimise attack surface.
From a local machine: <code>nc -zv hostname 21</code> or <code>telnet hostname 21</code>. The online checker is simpler — from different IPs, one click.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.