Problem blocking ip and with outgoing ftp connections

cerez23

Hello to the list,
first of all sorry for my bad english.

I have installed a pfsense with 2 wan interfaces, the first to nat client ( xxx.xxx.xxx.xxx gw nothing  ) ,
the second for ftp and web services (yyy.yyy.yyy.yyy with default gw yyy.yyy.yyy.x)  and a  lan interface.
All seems to work fine but i have 2 little problems:

1. I must block 2 site  from lan to internet so i insert a rule like this on the lan interface

Source: any
Destination: <blocked ip="">D_port:any
DROP
But the  <blocked ip="">results Reachable from the lan net.

2. I enable FTP Helper on wan interface (yyy.yyy.yyy.yyy) and lan interface but clients on lan can't connects to external FTP.The default policy from lan to outside is any destination and any protocoll.

ps I'm using pfsense 1.2 rc2

Can anyone help me?

tnx in advance

AC</blocked></blocked>

Perry

The site you try to block could be using Round robin dns http://en.wikipedia.org/wiki/Round_robin_DNS
So to block a range of ip your could do something like this.

• LAN net * 88.221.26.1/24 * *   block www.chelseafc.com

(FTP Helper) Disable on wan and enable on lan.
Your can test with ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.2-release/All

sullrich

FTP only will work on the primary WAN.

http://devwiki.pfsense.org/FTPTroubleShooting

cerez23

I've tried to verify rule also making a connection to the ip and I 've the same result.

Any suggestion ?

Regards