I entered this in my PIX to block FTP (I'm aware FTP uses two ports. Just doing testing):
pix(config)# access-list outbound_policy deny tcp any any eq 21
pix(config)# access-list outbound_policy permit ip any any
pix(config)# access-group outbound_policy in interface inside <--applied inbound on internal interface of PIX
I then ran a sniffer and tried to do an FTP connection to a remote site. It didn't work, but here are the logs:
It shows my private IP sending a connection request to the remote host. Shouldn't the PIX be blocking this??? I shouldn't be connecting at all since the dest IP in the packet is 21???