FTP Helper allowing traffic to blocked network?

  • This may be a dumb question… If so, I apologize.

    I have a network print server device that I believe may have been compromised. It had a constant outgoing connection on port 21 to an IP address on the Asian Pacific network.

    The first thing I did was set up rules in pfSense (both LAN and WAN side) to block all traffic to and from that particular IP range. However, a few minutes later I noticed in my packet capture that the print server was still communicating with this IP, even though I thought I had that IP blocked.

    After a little investigation, I finally determined that the only way I could prevent devices on my network from establishing an FTP connection with this IP, was to turn off the FTP helper.

    Now, while I don't claim to fully understand the FTP helper, I assume I will at some point need it. So my question would be, what can I do to completely block an IP range on every port (including 21) without disabling the FTP Helper?

    Thanks in advance!

  • If you have a VLAN switch you could give it its own net.
    Else maybe a reject rule from printer to

    2. If you have a restrictive ruleset or are utilizing policy-based routing for multiple WANs then ensure that you have permitted traffic to / ports 8000-8030. I.e.: allow LAN subnet to 8000-8030. This rule should be on top of all other LAN rules that utilize policy-based routing.
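The original poster only discovered the block was ineffective by reading a packet capture. As an added example (not from the thread or from pfSense), here is a small Python script that checks tcpdump-style capture lines against the ranges the rules were supposed to block and flags any flow that still got through, with port 21 hits called out separately because that is where the FTP helper was found to be involved. The capture lines, the print server address 192.168.1.50 and the blocked range 203.0.113.0/24 are all constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed tcpdump-style lines (not from the thread). 192.168.1.50 stands in
# for the print server, 203.0.113.0/24 (a documentation prefix) for the remote
# range the firewall rules were meant to block.
CAPTURE = """\
12:00:01.000 IP 192.168.1.50.49152 > 203.0.113.10.21: Flags [S], seq 1
12:00:01.020 IP 203.0.113.10.21 > 192.168.1.50.49152: Flags [S.], seq 2
12:00:05.100 IP 192.168.1.50.49153 > 203.0.113.10.21: Flags [S], seq 3
12:00:07.300 IP 192.168.1.20.51000 > 198.51.100.7.443: Flags [S], seq 4
12:00:09.000 IP 192.168.1.50.49154 > 203.0.113.44.8080: Flags [S], seq 5
"""

# Destination ranges the block rules should cover (assumed for the example).
BLOCKED = [ipaddress.ip_network("203.0.113.0/24")]

# "src.sport > dst.dport:" as printed by tcpdump's default IPv4 output.
FLOW_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def parse_flows(text):
    """Yield (src, dst, dport) for every line the regex recognises."""
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            yield m["src"], m["dst"], int(m["dport"])

def find_leaks(text, blocked=BLOCKED):
    """Count outbound flows whose destination lies in a blocked range
    (only the LAN-host-to-blocked-range direction, so replies are skipped)."""
    leaks = Counter()
    for src, dst, dport in parse_flows(text):
        if any(ipaddress.ip_address(dst) in net for net in blocked):
            leaks[(src, dst, dport)] += 1
    return leaks

def report(leaks):
    """One line per leaking flow; port 21 hits get a note, since the thread
    found the FTP helper was what let those past the block rules."""
    lines = []
    for (src, dst, dport), n in sorted(leaks.items()):
        note = "  <- port 21: check the FTP helper" if dport == 21 else ""
        lines.append(f"{src} -> {dst}:{dport} x{n}{note}")
    return lines
```

Run `report(find_leaks(CAPTURE))` against a real `tcpdump -n` capture to confirm a block rule actually stops the traffic instead of trusting the rule table.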
