    I've got an FTP server on my network. I've enabled the FTP helper on the WAN and opened up port 21 with pfSense, which seems to work fine. Passive mode works on random ports etc.

    The problem is, my FTP server software is seeing every incoming connection as coming from the router's IP rather than the client's IP. This doesn't stop it working, it's just that I can't implement any anti-hacking measures such as blocking IPs with failed logins etc.
    Am I setting things up wrong or is this how it works when using the FTP helper? If I just open the port ranges for passive mode instead of using the helper, will this give the client IPs?

    BTW, I'm asking because I've been monitoring some idiot attempting to brute force access my FTP by logging in as Administrator with over 5000 random passwords! Quite amusing, especially since there is no user Administrator. But after a while it just got annoying and I wanted to block him >:(


  • If it's coming from a single IP, just block it in the firewall rules…
    or try using Snort for this one...

  • This is normal; the FTP helper does all of the work on behalf, so it comes from the firewall's IP. This has been covered before in the forum.

