FortiSpain
Explorer
March 4, 2026
Question

Ports 53 and 853 open


Hi everybody,

Since a few days ago, when scanning with nmap, 2 ports appear as open:

PORT    STATE  SERVICE
53/tcp  open   domain dnsmasq 2.90
113/tcp closed ident
853/tcp open   domain-s

I run scans regularly. I do not understand how this could happen. I am trying to close them, but with no success.

I do not use Override authentication.

If somebody could help, I would appreciate it.

Thank you

@AEK

@mpapisetty 

5 replies

funkylicious
SuperUser
March 4, 2026

Are you using on an interface configured as DHCP Server in settings, Same as Interface IP perhaps?

"jack of all trades, master of none"
FortiSpain
Explorer
March 6, 2026

Hi Funkylicious,

Thank you for your reply.

I cannot answer your question. My knowledge does not reach that far. The only DHCP I can see is "DHCP monitor"...

AEK
SuperUser
March 5, 2026

Hi FortiSpain

  1. Are you scanning your FG's WAN IP address from outside?
  2. Did you enable DNS server on your FG?
AEK
FortiSpain
Explorer
March 6, 2026

Hi AEK,

1. Yes: From a website. Target: public IP of the firewall.
2. I think so:
Network >> DNS >> DNS Servers (Use FortiGuard DNS) >> Primary DNS server + secondary DNS server.

AEK
SuperUser
March 6, 2026

Hi FortiSpain

No, I mean Network > DNS Servers.

This is to configure FortiGate itself as a DNS server. Did you do so? Can you share a screenshot of this view?

AEK
yderek
Staff
March 6, 2026
FortiSpain
Explorer
March 7, 2026

Hi yderek.

Thank you for your reply. Yes: this is exactly what I could see on CLI. ChatGPT told me they were socket ports. As you can see in my previous answer to AEK, DNS server was enabled.

After the purge command, everything looks to be in order.

Thank you very much.

All the best to everyone!

FortiSpain
Explorer
April 3, 2026

VIP: Virtual IP. OK... How can I check that?

funkylicious
SuperUser
April 3, 2026

show firewall vip

"jack of all trades, master of none"
FortiSpain
Explorer
April 5, 2026

Hi Funkylicious,

Thank you.

FortiGate-50G # show firewall vip
config firewall vip
end

FortiGate-50G # show system ddns
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "...................fortiddns.com"
        set use-public-ip enable
        set monitor-interface "......."
    next
    edit 2
        set ddns-server FortiGuardDDNS
        set ddns-domain "..............fortiddns.com"
        set use-public-ip enable
        set monitor-interface "......"
    next
end


I have never "touched" this...

I wait for your news. Thank you.

FortiSpain
Explorer
April 7, 2026

Any other suggestion then?

Maybe the following can help:
FortiGate-50G # diagnose sys tcpsock | grep 0.0.0.0:53
0.0.0.0:53->0.0.0.0:0->state=listen err=0 socktype=376482 rma=0 wma=0 fma=0 tma=0 inode=375647 process=1496/dnsproxy

I wait for your help!

Thank you

AEK
SuperUser
April 7, 2026

You are probably using a DNS profile in one or more firewall policies. Try removing it and see if it helps.

AEK
FortiSpain
Explorer
April 7, 2026

Hi AEK,

Thank you very much, as always.

The only thing I see on Firewall Policies is "DNS Filter". I have never touched this. The only change I have made from the beginning is to enable SSL deep inspection.

Any other idea?