[f-nsp] PASV FTP behind Load Balancer

youssef.ghorbal at netplus.fr youssef.ghorbal at netplus.fr
Tue Nov 18 08:50:30 EST 2008


Hello,

Here is a sample configuration of an active and passive FTP capable
ServerIronXL:

! this one lets the ServerIron do reverse NAT for connections initiated
! by the real servers (in active FTP the real server initiates a
! connection from port 20 to a high port)
server reverse-nat
server real FTP-1 10.64.0.38
! In order for the reverse NAT to work the port must be bound
  port 20
  port 20 no-health-check
  port ftp
  port ftp keepalive
!
server real FTP-2 10.64.1.38
  port 20
  port 20 no-health-check
  port ftp
  port ftp keepalive
!
server virtual FTP 192.168.0.1
! this tells the ServerIron that sessions initiated from the same
! source to any other port (after the first connection on port 21) are
! redirected to the same real server (this lets us deal with passive FTP)
  port ftp sticky concurrent
  port 20
  bind ftp FTP-1 ftp FTP-2 ftp
  bind 20 FTP-1 20 FTP-2 20
!

Hope this helps.

Regards,
Youssef Ghorbal

-----------------------
On Nov 18, 2008, at 4:49 AM, Reynald Mahinay wrote:

> Hi guys,
>
> I have a query regarding PASV ftp behind ServerIronXL. The scenario  
> would be that a host behind the LB will initiate an FTP access to an  
> external server. The problem is that it will need to open a random  
> ports for it to establish a data connection to the server. That  
> said, the host behind the LB cannot successfully connect. Is there a  
> tweak on the ServerIronXL for this to run properly?
>
> LB model: Foundry ServerIronXL
> SW: Version 07.5.00eT12
>
> Thanks,
> Reynald
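An offline consistency check for a configuration of the kind shown in the reply above, added here as an example and not part of the original thread: it verifies that every bind in a virtual server points at a defined real server on which that port is declared. It parses only the statement forms that appear in the message (server real, server virtual, port, bind); the server names, addresses and the lint function are hypothetical.

```python
# Constructed sample in the statement syntax of the message above. Names and
# addresses are made up; WEB-22 is a deliberate typo and WEB-2 lacks "port 20".
SAMPLE = """\
server reverse-nat
server real WEB-1 192.0.2.10
  port 20
  port ftp
!
server real WEB-2 192.0.2.11
  port ftp
!
server virtual VIP 198.51.100.1
  port ftp sticky concurrent
  port 20
  bind ftp WEB-1 ftp WEB-22 ftp
  bind 20 WEB-1 20 WEB-2 20
!
"""

def lint(config):
    """Return problems found in the bind statements of a config text."""
    ports = {"real": {}, "virtual": {}}   # kind -> server name -> declared ports
    binds = []                            # (virtual, virtual port, real, real port)
    kind = name = None
    for line in config.splitlines():
        w = line.split()
        if not w or w[0].startswith("!"):
            continue                      # blank line or comment
        if w[0] == "server":
            kind = name = None            # global statement such as "server reverse-nat"
            if len(w) >= 3 and w[1] in ports:
                kind, name = w[1], w[2]
                ports[kind].setdefault(name, set())
        elif w[0] == "port" and name and len(w) >= 2:
            ports[kind][name].add(w[1])
        elif w[0] == "bind" and kind == "virtual" and len(w) >= 4:
            for srv, port in zip(w[2::2], w[3::2]):
                binds.append((name, w[1], srv, port))
    problems = []
    for vname, vport, srv, port in binds:
        if vport not in ports["virtual"][vname]:
            problems.append(f"{vname}: port {vport} is bound but not declared on {vname}")
        if srv not in ports["real"]:
            problems.append(f"{vname}: bind {vport} references undefined real server {srv}")
        elif port not in ports["real"][srv]:
            problems.append(f"{vname}: bind {vport} -> {srv} port {port} is not declared on {srv}")
    return problems

if __name__ == "__main__":
    for p in lint(SAMPLE):
        print(p)
```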