Forum Discussion
Maxim_Taskov_90
Nimbostratus
NimbostratusFTP Through BIG-IP from Client Behind BIG-IP
Hi, I need to be able to pass FTP, both Active and Passive, through BIG-IP when initiated from a client that is behind BIG-IP and is NATed...do you think iRules plus a Forwarding IP VS can help?
I am running BIG-IP OS v.9.2.3 on LTM 6800.
The situation is as follows:
1. Client behind BIG-IP initiates FTP (client real IP is 1.1.1.1)
2. Client connects to FTP server located on the BIG-IP external network (client connects with NAT source IP of 1.1.2.1)
3. Client successfully completes logon to FTP server.
4. Client attempts PORT command and fails with message "invalid port command" as the port command contains the client real IP.
I looked trough all available BIG-IP manuals, solutions, ASK5, and iRule threads with no luck.
The one thing I found in the iRule threads that looks promising is the relate_{client|server} function.
Do you think this can be the solution to my problem?
Thanks, Maxim
Keith_102209Did you resolve your problem? I have a very similar issue. I am running 9.3.1 on a Link Controller.
Thanks,
Keith- The_BhattmanYes it can be a solution using the TCP:: commands to manipulate the client IP address.
CB 
hoolioCirrostratus
I think with the FTP profile, you shouldn't need a rule. Just create a VIP with an FTP profile and pool, and apply a SNAT. the FTP control data should be updated automatically to the SNAT address.
SOL8021: Configuring the BIG-IP LTM to allow outbound FTP sessions
https://support.f5.com/kb/en-us/solutions/public/8000/000/sol8021.html?sr=550508
Aaron
