Impossible to block Microsoft or Akamai packets TCP:S
-
if you intend
Disable the userland FTP-Proxy application
Now I have checked this option in LAN and in OPT1; tomorrow I will see the log and I will report whether this is the solution. Thanks.
-
With FTP Helper checked in LAN and in OPT1 (3rd NIC),
it always tries to contact the Microsoft site, but this time it is blocked :)
Now the log has changed; can you explain this message?
Blocked Jun 17 18:18:29 LAN 10.10.21.64:4679 207.46.16.233:80 TCP:S
the rule that triggered this action is:
@178 pass in quick on vr0 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
THANKS
-
OK, as in the previous post, I confirm that now the Microsoft packets are stopped; it seems that the packets use the FTP helper to bypass the rule blocking FTP and other ports.
So now, with the FTP helper disabled, the packets are in the system log as blocked; before, with the FTP helper unchecked (enabled), the packets passed the whole list of block rules. Maybe a bug?
Now the situation is that I can block the Microsoft packets, with the FTP helper checked (disabled), but I cannot use FileZilla on the LAN client now!!!!!! :-[
I'm waiting for a solution in the specified new post!
-
You seem to have misunderstood my last message, though it was a bit brief so I should have explained it better:
The packets you are trying to block are legitimate connections required for FTP to work. These connections are allowed by the FTP proxy so that active FTP can work for external FTP sites.
Nothing is being bypassed, it is being allowed on purpose so that FTP functions. The IPs in question are the FTP servers you are connecting to.
-
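To make the point above concrete, here is an added example (my own illustration, not pfSense's or its FTP proxy's code): it reads the FTP control channel, pulls the endpoint announced by a PASV reply (227) or a PORT command, and lists the TCP data connections a helper has to permit for the transfer to work, which is exactly the kind of connection that shows up in the log as passed. The session lines, the client address 10.10.21.64 and the server address 77.67.22.170 are constructed for the example.

```python
"""Which data connections does an FTP helper have to open?

Added example (standard library only): read the FTP control channel, pull the
endpoint announced by PASV (227 reply) or PORT, and list the TCP connections
that must be permitted for the transfer to work. All sample data is constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Client in active mode: "PORT h1,h2,h3,h4,p1,p2"
_PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)
# Server in passive mode: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
_PASV_RE = re.compile(r"^227\b.*?(\d{1,3}(?:,\d{1,3}){5})")


@dataclass(frozen=True)
class DataChannel:
    mode: str   # "active" (client sent PORT) or "passive" (server sent 227)
    host: str   # IPv4 address announced on the control channel
    port: int   # TCP port announced on the control channel (p1*256 + p2)


def _decode_hostport(csv: str) -> Tuple[str, int]:
    """Turn 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1*256+p2), checking ranges."""
    fields = [int(x) for x in csv.split(",")]
    if len(fields) != 6 or any(f > 255 for f in fields):
        raise ValueError("malformed host/port tuple: %r" % csv)
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return ".".join(str(f) for f in fields[:4]), port


def parse_control_line(line: str) -> Optional[DataChannel]:
    """Return the data channel this control line announces, or None."""
    m = _PORT_RE.match(line)
    if m:
        host, port = _decode_hostport(m.group(1))
        return DataChannel("active", host, port)
    m = _PASV_RE.match(line)
    if m:
        host, port = _decode_hostport(m.group(1))
        return DataChannel("passive", host, port)
    return None


def expected_data_connections(session, client_ip: str, server_ip: str) -> List[tuple]:
    """List (src, dst, dport, mode, warning) for every data connection announced.

    session is a list of (sender, line) tuples from the control channel.
    warning is non-empty when the announced address is not the peer the control
    channel is talking to; a helper should not open a hole towards a third host.
    """
    out = []
    for sender, line in session:
        ch = parse_control_line(line)
        if ch is None:
            continue
        if ch.mode == "passive" and sender == "server":
            # passive: the client connects out to the server's announced high port
            warn = "" if ch.host == server_ip else "announced host differs from server"
            out.append((client_ip, ch.host, ch.port, "passive", warn))
        elif ch.mode == "active" and sender == "client":
            # active: the server connects back (from port 20) to the client's announced port
            warn = "" if ch.host == client_ip else "announced host differs from client"
            out.append((server_ip, ch.host, ch.port, "active", warn))
    return out


# Constructed control-channel exchange between a LAN client and an FTP server.
SAMPLE_SESSION = [
    ("client", "USER anonymous"),
    ("server", "331 Please specify the password."),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (77,67,22,170,233,54)."),
    ("client", "LIST"),
    ("client", "PORT 10,10,21,64,18,75"),
    ("server", "200 PORT command successful."),
    ("client", "PORT 192,168,1,99,18,75"),   # announces a host that is not the client
]

if __name__ == "__main__":
    for conn in expected_data_connections(SAMPLE_SESSION, "10.10.21.64", "77.67.22.170"):
        src, dst, dport, mode, warn = conn
        print("%s: allow tcp %s -> %s:%d %s" % (mode, src, dst, dport, warn and "[" + warn + "]"))
```

The passive case is the one in this thread: the client opens a connection to a high port on the server that nothing in the static ruleset mentions, so only something that has read the 227 reply (the helper) can know it is legitimate. The last PORT line shows the case a helper should refuse: an announced address that is not the client it is proxying for.
-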
HELP MEEEEEE :)
I have no FTP proxy in my LAN; I have only clients with the FileZilla client. I created a rule to pass from LAN (alias: IP LAN list) to any FTP site (alias: destination port), and I created a second rule to stop all from any to any on the LAN interface (vr0).
The FTP helper is unchecked in LAN and WAN (enabled); without it I cannot read the folder list with the FTP client FileZilla and others.
But now I read this in the system log, and if I click on the action icon I read "no rule name" in the message box! Why no rule name? Why do the Microsoft packets pass the block any-to-any rule and are not logged with a rule name? The rule that triggered this action is:
pass Jun 22 08:42:46 LAN 10.10.21.64:2842 77.67.22.170:59702 TCP:S
pass Jun 22 08:42:45 LAN 10.10.21.64:2841 77.67.22.170:58522 TCP:S
pass Jun 22 08:42:44 LAN 10.10.21.64:2840 77.67.22.170:57589 TCP:S
Raw mode:
Jun 22 08:42:46 pf: 1.033757 rule 77.545.108.0/0(match): pass in on vr0: (tos 0x0, ttl 128, id 3035, offset 0, flags [DF], proto TCP (6), length 48) 10.10.21.64.2842 > 77.67.22.170.59702: S, cksum 0xfae9 (correct), 463140115:463140115(0) win 65535 <mss 1460,nop,nop,sackOK>
Jun 22 08:42:45 pf: 979078 rule 77.545.108.0/0(match): pass in on vr0: (tos 0x0, ttl 128, id 10477, offset 0, flags [DF], proto TCP (6), length 48) 10.10.21.64.2841 > 77.67.22.170.58522: S, cksum 0x1144 (correct), 3449237849:3449237849(0) win 65535 <mss 1460,nop,nop,sackOK>
Jun 22 08:42:44 pf: 871623 rule 77.545.108.0/0(match): pass in on vr0: (tos 0x0, ttl 128, id 17824, offset 0, flags [DF], proto TCP (6), length 48) 10.10.21.64.2840 > 77.67.22.170.57589: S, cksum 0xe526 (correct), 2448202951:2448202951(0) win 65535
-
Those are still dynamically added rules. Do you have UPnP enabled? Sure you don't have the FTP proxy enabled on any interface? What packages are you using?
If you can catch one as it happens, go to Diagnostics > Command and run:
pfctl -vvsr
and
pfctl -vvsT
-
Yes, it happens again: Akamai/Microsoft packets found and no rule name.
Jun 22 16:00:57 pf: 936200 rule 77.545.131.0/0(match): pass in on vr0: (tos 0x0, ttl 128, id 30083, offset 0, flags [DF], proto TCP (6), length 48) 10.10.21.10.3730 > 77.67.22.171.55274: S, cksum 0x8bb4 (correct), 1338457637:1338457637(0) win 65535 <mss 1460,nop,nop,sackOK>
Jun 22 16:00:57 pf: 1.027930 rule 77.545.131.0/0(match): pass in on vr0: (tos 0x0, ttl 128, id 5574, offset 0, flags [DF], proto TCP (6), length 48) 10.10.21.10.3729 > 77.67.22.171.54494: S, cksum 0x3902 (correct), 693418583:693418583(0) win 65535 <mss 1460,nop,nop,sackOK>
Command executed, and now? What do I need to check? After my last "block all" rule, the other automatic rules have 0 packets and 0 bytes:
@179 block drop in log quick on vr0 from <localsubnet:1> to any label "USER_RULE: 200 localsubnet blocco lo sconosciuto e lo loggo"
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
@180 pass in quick on vr0 inet proto tcp from any to 127.0.0.1 port = ftp-proxy flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
@181 pass in quick on vr0 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
@182 pass in quick on dc0 inet proto tcp from any port = ftp-data to (dc0:1) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
@183 pass in quick on msk0 inet proto tcp from any to 127.0.0.1 port = 8022 flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
@184 pass in quick on msk0 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
@185 anchor "imspector" all
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
@186 anchor "miniupnpd" all
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
@187 block drop in log quick all label "Default deny rule"
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
@188 block drop out log quick all label "Default deny rule"
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
-
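An added example (my own illustration, not pfSense's code) for working through a pfctl -vvsr listing like the one above: it indexes the rules by their @number with label and counters, parses a raw pf log line to get the rule number that matched, and reports which rule passed the packet, or that the number is no longer in the ruleset, which is what you see when a dynamically added rule has already been removed by the time you look. The rule texts are copied from the listing in this thread; the counters and the two log lines are constructed.

```python
"""Match raw pf log lines against a pfctl -vvsr listing.

Added example (standard library only). The log format is the "raw mode" pf log
as shown in pfSense; the rule listing is pfctl -vvsr output. Sample data below
is constructed, except for the rule texts, which are copied from the thread.
"""
import re
from typing import Dict, List, Optional

_RULE_RE = re.compile(r"^@(\d+)\s+(.*)$")
_COUNTERS_RE = re.compile(
    r"^\[\s*Evaluations:\s*(\d+)\s+Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s+States:\s*(\d+)\s*\]"
)
_LABEL_RE = re.compile(r'label\s+"([^"]*)"')
# "pf: <delta> rule N/0(match): pass in on vr0: (... proto TCP (6), length 48) src.port > dst.port: S, ..."
_PFLOG_RE = re.compile(
    r"pf:\s+(?:[\d.]+\s+)?rule (\d+)/\d+\((\w+)\):\s+(pass|block)\s+(in|out)\s+on\s+(\w+):.*?"
    r"proto\s+(\w+)\s+\(\d+\),\s+length\s+\d+\)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+>\s+(\d+\.\d+\.\d+\.\d+)\.(\d+):\s+([A-Z.]+),"
)


def parse_pfctl_rules(text: str) -> Dict[int, dict]:
    """Index a pfctl -vvsr listing by rule number, keeping label and counters."""
    rules: Dict[int, dict] = {}
    current: Optional[dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _RULE_RE.match(line)
        if m:
            number, body = int(m.group(1)), m.group(2)
            lab = _LABEL_RE.search(body)
            current = {"number": number, "rule": body, "label": lab.group(1) if lab else "",
                       "evaluations": 0, "packets": 0, "bytes": 0, "states": 0}
            rules[number] = current
            continue
        m = _COUNTERS_RE.match(line)
        if m and current is not None:   # counters line belongs to the rule just seen
            (current["evaluations"], current["packets"],
             current["bytes"], current["states"]) = map(int, m.groups())
    return rules


def parse_pflog_line(line: str) -> Optional[dict]:
    """Extract rule number, action, interface, endpoints and TCP flags from a raw pf log line."""
    m = _PFLOG_RE.search(line)
    if not m:
        return None
    return {"rule": int(m.group(1)), "reason": m.group(2), "action": m.group(3),
            "direction": m.group(4), "iface": m.group(5), "proto": m.group(6),
            "src": m.group(7), "sport": int(m.group(8)),
            "dst": m.group(9), "dport": int(m.group(10)), "flags": m.group(11)}


def explain(line: str, rules: Dict[int, dict]) -> str:
    """Say which rule (by label) handled the logged packet, or that it is gone from the ruleset."""
    pkt = parse_pflog_line(line)
    if pkt is None:
        return "unrecognised log line"
    where = "%s %s on %s %s:%d -> %s:%d" % (pkt["action"], pkt["direction"], pkt["iface"],
                                            pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    rule = rules.get(pkt["rule"])
    if rule is None:
        return where + " by rule @%d, which is not in the current ruleset (dynamic rule already removed?)" % pkt["rule"]
    return where + ' by rule @%d "%s"' % (pkt["rule"], rule["label"] or rule["rule"])


def rules_with_traffic(rules: Dict[int, dict]) -> List[int]:
    """Rule numbers whose packet counter is non-zero (the ones actually matching something)."""
    return sorted(n for n, r in rules.items() if r["packets"] > 0)


# Constructed listing: rule texts as in the thread, counters made up for the example.
SAMPLE_PFCTL = """\
@179 block drop in log quick on vr0 from <localsubnet:1> to any label "USER_RULE: 200 localsubnet blocco lo sconosciuto e lo loggo"
[ Evaluations: 12 Packets: 3 Bytes: 144 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
@181 pass in quick on vr0 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
[ Evaluations: 40 Packets: 9 Bytes: 576 States: 2 ]
[ Inserted: uid 0 pid 15987 ]
@187 block drop in log quick all label "Default deny rule"
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 15987 ]
"""
# Constructed raw log lines: the first matches a listed rule, the second a number no longer listed.
SAMPLE_LOG = [
    "Jun 22 08:42:46 pf: 1.033757 rule 181/0(match): pass in on vr0: (tos 0x0, ttl 128, id 3035, offset 0, flags [DF], proto TCP (6), length 48) 10.10.21.64.2842 > 127.0.0.1.21: S, cksum 0xfae9 (correct), 463140115:463140115(0) win 65535 <mss 1460,nop,nop,sackOK>",
    "Jun 22 08:42:45 pf: 979078 rule 500/0(match): pass in on vr0: (tos 0x0, ttl 128, id 10477, offset 0, flags [DF], proto TCP (6), length 48) 10.10.21.64.2841 > 77.67.22.170.58522: S, cksum 0x1144 (correct), 3449237849:3449237849(0) win 65535 <mss 1460,nop,nop,sackOK>",
]

if __name__ == "__main__":
    ruleset = parse_pfctl_rules(SAMPLE_PFCTL)
    for entry in SAMPLE_LOG:
        print(explain(entry, ruleset))
    print("rules with traffic:", rules_with_traffic(ruleset))
```

Paste the real pfctl -vvsr output into SAMPLE_PFCTL and a real raw log line into SAMPLE_LOG to use it on a live box; if the rule number in the log is not in the listing, the rule was added and removed by something dynamic (the FTP proxy or a UPnP daemon) between the packet and the pfctl run, which is why the GUI shows no rule name for it.
-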
Before you chase anything else, the other questions still need answering:
Do you have UPnP enabled?
Is the FTP Proxy enabled on any other interface? (Such as WAN)
What other packages and services do you have enabled?
-
UPnP disabled; on the Windows machine it works on a different port than the one we have seen in the log.
The FTP helper is enabled only in LAN, because without it I can't use the FileZilla client.
I have no FTP proxy server in my LAN or in the pfSense firewall.
Standard package, normal installation; there are no packages currently installed.
Thanks jimp for your support.
-
FTP helper is the FTP proxy. They are the same thing. That is what is allowing those packets.
-
And my rule blocking any to any is first of all!!!
I tried to disable the FTP helper and create a specific rule to open the destination port only to specific clients, but it is impossible to read the folder list of the FTP server!
So is it possible to enable the FTP helper only for an alias (IP list of clients that can use FTP)?
:(