pfSense FTP Client Proxy



  • Hi all,

    I installed FTP Client Proxy on my pfSense. It is working fine. I have more than 1000 PCs in my network, and I want to allow only 30 PCs to use the FTP service. I know the FTP Client Proxy supports a list of IP addresses that are not allowed to use FTP. I don't want to enter 970 IP addresses in this table. Is there any good suggestion for me?

    Thanks.



  • @tomli:

    Hi all,… I don't want to enter 970 IP addresses in this table. Is there any good suggestion for me?

    If, and only if, these 30 PCs that should be allowed to use FTP (FTP clients are running on those PCs) are using static DHCP leases, or have static IPs (this means known, fixed IPs), then you're close to a simple solution.
    You should use a firewall! Good news, pfSense IS a firewall ;)

    So, instead of listing the 970 PCs that should not be allowed to use FTP, you should throw these "30 PCs" (their IPs) in an alias.
    And then you let the system do the work:
    Create a firewall pass rule with some nifty port selection (like "Destination: something like port 21", to 'select' FTP traffic) and use the alias you created as a source address.
    A second block rule right after that, same destination port, but with a source address like "Any-on-your-LAN" (the one with 1000 PCs).

    The 30 PCs will hit the first rule, and this results in an accept; they can pass.
    All others won't be able to use FTP (on the selected destination port).

    Note: I couldn't test this myself with the package FTP_proxy; I don't know what that is good for.
    But see image for the firewall rules - I tested them and added the PCs that should have FTP access to the list named "FTP_permitted_list".
    Added PCs have access, the others: no.
    Worked for me.
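
Added example (not part of the original posts, and not pfSense code): a small Python model of the two rules described in the reply above, evaluated top down with the first match deciding, to show why the pass rule for the alias must sit above the LAN-wide block rule. The LAN subnet, the three alias members and the trailing "LAN to any" rule are constructed assumptions; only the alias name `FTP_permitted_list` and port 21 come from the thread.

```python
import ipaddress

# Constructed sample values (assumptions): LAN subnet and alias members.
LAN_NET = ipaddress.ip_network("10.0.0.0/22")          # room for >1000 PCs
FTP_PERMITTED_LIST = {ipaddress.ip_address(a)
                      for a in ("10.0.0.11", "10.0.0.12", "10.0.1.40")}

def in_alias(ip):
    return ip in FTP_PERMITTED_LIST

def in_lan(ip):
    return ip in LAN_NET

# (action, source matcher, destination port; None means any port)
RULES = [
    ("pass",  in_alias, 21),    # rule 1: alias members may reach port 21
    ("block", in_lan,   21),    # rule 2: everyone else on the LAN may not
    ("pass",  in_lan,   None),  # assumed pre-existing "LAN to any" rule
]

def evaluate(rules, src, dport):
    """Return the action of the first matching rule, top down; no match means block."""
    ip = ipaddress.ip_address(src)
    for action, match_src, port in rules:
        if match_src(ip) and port in (None, dport):
            return action
    return "block"

def hosts_passing(rules, dport):
    """Audit helper: every LAN host whose traffic to dport would pass."""
    return {h for h in LAN_NET.hosts() if evaluate(rules, h, dport) == "pass"}

if __name__ == "__main__":
    print("alias member, port 21:", evaluate(RULES, "10.0.0.11", 21))
    print("other LAN PC, port 21:", evaluate(RULES, "10.0.2.200", 21))
    print("other LAN PC, port 443:", evaluate(RULES, "10.0.2.200", 443))
    print("hosts allowed to port 21:", len(hosts_passing(RULES, 21)))
    # Same rules with the block rule first: the alias rule is never reached.
    swapped = [RULES[1], RULES[0], RULES[2]]
    print("alias member, wrong order:", evaluate(swapped, "10.0.0.11", 21))
```

Running the audit helper against the intended order returns exactly the alias members; with the two port 21 rules swapped it returns nobody.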