Forum Discussion
dootyfree_24038
Nimbostratus
Nimbostratusconfiguring ftp help
Hello,
I have configured what seems to be a ftp virtual server. Can connect and login, but when I try to "dir", unable to build data connection : connection refused. Seems not dynamically building data port connection. ASM is in the dmz. What's weird is that it works internally but does not work from outside(internet).
3 Replies
hoolioCirrostratus
Do you have an FTP profile enabled on the virtual server? Are you using active or passive FTP?
Manual Chapter: Load Balancing Passive Mode FTP Traffic with Data Channel Optimization
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/21.html
Aaron
dootyfree_24038Yes, I created an ftp profile. Active ftp.- nitass
Employee
What's weird is that it works internally but does not work from outside(internet).what does internal mean? is it in internal (server) vlan?
this is mine. ftp client ip is 172.28.19.251. it is in external vlan.[root@ve1023:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:21 ip protocol 6 profiles { ftp {} tcp {} } } [root@ve1023:Active] config b pool foo list pool foo { members 200.200.200.101:21 {} } 1 active mode ftp [root@centos251 tmp] ncftp 172.28.19.79 NcFTP 3.2.0 (Aug 05, 2006) by Mike Gleason (http://www.NcFTP.com/contact/). Connecting to 172.28.19.79... (vsFTPd 2.0.5) Logging in... Login successful. Logged in to 172.28.19.79. ncftp / > set passive off ncftp / > cd pub Directory successfully changed. ncftp /pub > ls -l -rw-r--r-- 1 0 0 1012865024 Apr 6 2012 BIGIP-11.1.0.1943.0.iso ncftp /pub > get BIGIP-11.1.0.1943.0.iso BIGIP-11.1.0.1943.0.iso: 965.94 MB 22.09 MB/s [root@ve1023:Active] config b conn show all VIRTUAL 172.28.19.79:21 <-> NODE 200.200.200.101:21 TYPE any 1/0 CLIENTSIDE 172.28.19.251:33027 <-> 172.28.19.79:21 (pkts,bits) in = (30, 1870) out = (21, 2001) SERVERSIDE 200.200.200.10:33027 <-> 200.200.200.101:21 (pkts,bits) in = (27, 2309) out = (26, 1668) PROTOCOL 6 UNIT 1 IDLE 0 (300) LASTHOP external 00:50:56:b3:03:8f VIRTUAL 172.28.19.79:21 <-> NODE 172.28.19.251:43590 TYPE any 1/0 CLIENTSIDE 200.200.200.101:20 <-> 200.200.200.10:43590 (pkts,bits) in = (113361, 169.4M) out = (10740, 575012) SERVERSIDE 172.28.19.79:20 <-> 172.28.19.251:43590 (pkts,bits) in = (10740, 575012) out = (113361, 169.4M) PROTOCOL 6 UNIT 1 IDLE 0 (300) LASTHOP internal 00:50:56:b3:01:0b 2 passive mode ftp [root@centos251 tmp] ncftp 172.28.19.79 NcFTP 3.2.0 (Aug 05, 2006) by Mike Gleason (http://www.NcFTP.com/contact/). Connecting to 172.28.19.79... (vsFTPd 2.0.5) Logging in... Login successful. Logged in to 172.28.19.79. ncftp / > set passive on ncftp / > cd pub Directory successfully changed. ncftp /pub > get BIGIP-11.1.0.1943.0.iso BIGIP-11.1.0.1943.0.iso: 965.94 MB 18.07 MB/s [root@ve1023:Active] config b conn show all VIRTUAL 172.28.19.79:21 <-> NODE 200.200.200.101:21 TYPE any 1/0 CLIENTSIDE 172.28.19.251:33028 <-> 172.28.19.79:21 (pkts,bits) in = (24, 1487) out = (17, 1632) SERVERSIDE 200.200.200.10:33028 <-> 200.200.200.101:21 (pkts,bits) in = (23, 1943) out = (22, 1387) PROTOCOL 6 UNIT 1 IDLE 0 (300) LASTHOP external 00:50:56:b3:03:8f VIRTUAL 172.28.19.79:6925 <-> NODE 200.200.200.101:6925 TYPE any 1/0 CLIENTSIDE 172.28.19.251:42992 <-> 172.28.19.79:6925 (pkts,bits) in = (46521, 2.499M) out = (489847, 731.8M) SERVERSIDE 200.200.200.10:42992 <-> 200.200.200.101:6925 (pkts,bits) in = (489847, 731.8M) out = (46521, 2.499M) PROTOCOL 6 UNIT 1 IDLE 0 (300) LASTHOP external 00:50:56:b3:03:8f
