Netgate Discussion Forum

    FTP access from specific IP address being blocked, other IP not.

      bartgrefte

      Hi :)

      At the moment I've got two internet connections here. One is through a Euro-DOCSIS 3 cablemodem, other is fiber.
      Just now I hooked up my laptop directly to the fiber connection and tried to access my FTP server running behind the cablemodem and a pfSense 1.2.3 router.

      Earlier that worked fine, but now my laptop has an IP in a completely different range that for some reason is being blocked by pfSense. But with a different IP I can access it without problems. ???

      pfSense firewall says this about the blocked IP:

      "X" May 25 10:55:05 	WAN 	46.227.232.***:1129 	192.168.1.2:21 	TCP:S
      

      The NAT and firewall rules are fine, because if my laptop gets a different IP (earlier it was in the 109.72.39.* range) it works fine.

      Any ideas?

      With regards,

      Bart Grefte

        jimp Rebel Alliance Developer Netgate

        If you click the "x", what rule does it say blocked the packet?

        If it's the default deny rule, then your rules never matched. If it's a block rule, then you have a rule blocking that IP somewhere.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          bartgrefte

          I would have to try this again today, pfSense's log does not go back that far.
          However, I do see a bunch of other examples that might help. Judging from the port numbers I see, a bunch of packets for/to eMule are blocked as well. These give this when I click the "X":

          edit: Just tried it, same rule as above. Does this mean I have an IP address I shouldn't be having? Or is this because of the IPv4 shortage that I am getting one of these.

            bartgrefte

            Hmm, over here http://stat.ripe.net/46.227.232.0/21 it says that this range is allocated, but why is pfSense seeing it as bogon addresses?

              jimp Rebel Alliance Developer Netgate

              Perhaps your bogons list is out of date. Are you on 1.2.3 or 2.0? They should update automatically once per month.

              On 1.2.3 you can run

              /etc/rc.update_bogons.sh now
              

              You can run that on 2.0 also or you can go to Diagnostics > Tables, pick bogons from the list, and press the update button.

                bartgrefte

                1.2.3. Hmm, how can I check if that's actually happened/happening?

                Please note that I am using the embedded version, not sure if that matters. Before I run that I'll mount the FS as RW.
                I'll post if this helps.

                  jimp Rebel Alliance Developer Netgate

                  That command should take care of the mounting. You can check /etc/bogons to see what it contains.

                  Right now it should only contain:

                  0.0.0.0/8
                  127.0.0.0/8
                  169.254.0.0/16
                  192.0.0.0/24
                  192.0.2.0/24
                  198.18.0.0/15
                  198.51.100.0/24
                  203.0.113.0/24
                  224.0.0.0/4
                  240.0.0.0/4
                  

                    bartgrefte

                    Ow okay, I did it myself.
                    Well, log shows this:

                    May 26 15:30:19 	admin: 29 addresses deleted.
                    May 26 15:30:19 	admin: Bogons file downloaded: 5 addresses added.
                    May 26 15:30:12 	admin: rc.update_bogons.sh is beginning the update cycle.
                    May 26 15:30:12 	admin: rc.update_bogons.sh is starting up.
                    

                    File now contains:

                    0.0.0.0/8
                    127.0.0.0/8
                    169.254.0.0/16
                    192.0.0.0/24
                    192.0.2.0/24
                    198.18.0.0/15
                    198.51.100.0/24
                    203.0.113.0/24
                    224.0.0.0/4
                    240.0.0.0/4
                    

                    And it seems to have worked, no longer blocked, thanks :)

                    Guessing it hasn't been updated in a while then, any idea why?
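
Added example, not part of the thread and not pfSense code: a check that shows which bogon prefix would catch the range discussed above, and which prefixes an update drops. The stale file (including its 46.0.0.0/8 entry) is constructed for illustration because the thread does not show the old /etc/bogons; the function names are hypothetical.

```python
import ipaddress

# Constructed stale bogons file; 46.0.0.0/8 is an assumed leftover entry,
# the thread does not show what the old file actually contained.
STALE = """\
# constructed stale list
0.0.0.0/8
46.0.0.0/8
224.0.0.0/4
240.0.0.0/4
"""

# The list quoted in the thread after the update.
CURRENT = """\
0.0.0.0/8
127.0.0.0/8
169.254.0.0/16
192.0.0.0/24
192.0.2.0/24
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/4
240.0.0.0/4
"""

def parse_bogons(text):
    """Return the networks in a bogons file, skipping comments and blank lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def matching_bogons(target, text):
    """Return the bogon prefixes that overlap an address or a network."""
    net = ipaddress.ip_network(target, strict=False)
    return [str(b) for b in parse_bogons(text)
            if b.version == net.version and b.overlaps(net)]

def removed_by_update(old_text, new_text):
    """Prefixes listed in the old file that the new file no longer blocks."""
    new = set(parse_bogons(new_text))
    return [str(n) for n in parse_bogons(old_text) if n not in new]

if __name__ == "__main__":
    for name, text in (("stale", STALE), ("current", CURRENT)):
        print(name, matching_bogons("46.227.232.0/21", text))
```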

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.