Forum Discussion
Heidi_35827
Nimbostratus
NimbostratusActive FTP VIP with port translation
Using SOL6557, I have successfully setup an FTP vserver, which works with active-mode FTP. It is working great. They key to this was an FTP profile with the data port configured as 0, which is essentially a wildcard and allows for the dynamic port selection of active-mode FTP.
http://support.f5.com/kb/en-us/solutions/public/6000/500/sol6557.html?sr=33746306
However, I have an additional requirement, which is to have an Active-mode FTP vserver with port-translation. The port translation is where it breaks. I want the VIP to listen on port 21, however FTP is running on the servers on port 9021. I have searched for a solution with this scenario but have yet to find any guidance on DevCentral or F5.com. Please help, any suggestions?
Heidi_35827UPDATE: as I stated above, it did not initially work after I added the SNAT per SOL14527. But what we soon realized is that it wasn't working from specific unix clients, but was from others. It turns out it was an iptables issue on the client side. Once that was modified, we are good to go. Thanks for your help, Richard.
- Heidi_35827
Yes. I have a SNAT configured on this VIP per the solution you suggested.
This is what we get.... ftp> passive Passive mode off. ftp> ls 200 PORT command successful. 425 Can't open data connection.
- I would open a Support case for this.
Have you looked at SOL14527 - The BIG-IP system may fail to process FTP data connections when port translation occurs
http://support.f5.com/kb/en-us/solutions/public/14000/500/sol14527.html
