Forum Discussion
Basic FTP load balancing
I am trying to set up basic load balancing with the GTM and LTM for 2 servers behind the F5.
I have created a WIP (on the GTM) to connect to the 2 load-balanced servers living behind the LTM device. (Created a VS, pool and nodes in the F5.)
I have created an FTP monitor for the nodes that does test successfully, so the pool is up, but when I try to FTP to the WIP through a command line I get the following error. Not sure if I have a setting incorrect?
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
230 User logged in.
ftp> dir
501 Server cannot accept argument.
150 Opening ASCII mode data connection.
5 Replies
- s3s1277_111291
Nimbostratus
Did you apply ftp profile on the VIP? Also, do you have same VIP created for data port 20?
- Shane_Terrick_9
Nimbostratus
Posted By s3s1277 on 03/01/2013 10:41 AM
Did you apply ftp profile on the VIP? Also, do you have same VIP created for data port 20?
I do have the ftp profile applied. As for the same VIP with port 20, would I just create a second VIP with the same name but port 20 as the service port?
- Shane_Terrick_9
Nimbostratus
OK, got the FTP portion working; now creating a datagroup of IP addresses allowed to access the site.
Need to craft the iRule (unless someone has one out there).
- Shane_Terrick_9
Nimbostratus
Update.
It is working now. I crafted (borrowed and tweaked) the iRule to restrict to only addresses in the epic_ftp datagroup.
when CLIENT_ACCEPTED {
    # Check if client IP is not in the allowed_clients_datagroup
    if { not [class match [IP::client_addr] equals epic_ftp] } {
        # Disallowed client IP, send a tcp reset
        reject
    }
}
I am wondering if there is a way to notify if there are rejections?
- What_Lies_Bene1
Cirrostratus
Add something like this after the reject command to create a log entry in /var/log/ltm but note that this does present a small risk in the case where someone making a large number of invalid requests could fill your logs and even your disk:
log local0. "Rejected FTP connection attempt from [IP::client_addr]."
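The log-flooding risk raised in the last reply can be bounded by logging each rejected address at most once per time window. This is an added example, not code from any poster in this thread; the subtable name ftp_reject_log and the 60-second window are assumptions, while epic_ftp is the data group named in the thread.

```tcl
when CLIENT_ACCEPTED {
    # epic_ftp is the allow-list address data group from the thread
    if { not [class match [IP::client_addr] equals epic_ftp] } {
        # Disallowed client IP, send a TCP reset
        reject

        set src [IP::client_addr]
        # Assumed name: subtable "ftp_reject_log" holds one entry per
        # recently rejected source. -notouch keeps lookups from extending
        # the entry's timeout, so the window really ends after 60 seconds.
        if { [table lookup -notouch -subtable ftp_reject_log $src] eq "" } {
            # First rejection from this source in the window: remember it
            # for 60 seconds (timeout 60, lifetime 60) and log one line.
            table set -subtable ftp_reject_log $src 1 60 60
            log local0. "Rejected FTP connection attempt from $src (repeat rejections from this address not logged for 60s)"
        } else {
            # Repeat rejection inside the window: count it, do not log it.
            table incr -notouch -subtable ftp_reject_log $src
        }
    }
}
```

A client that retries continuously then produces one line in /var/log/ltm per minute instead of one per connection attempt, and the table entries expire on their own.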