Forum Discussion

Nimbostratus

Aug 07, 2024

Having issues getting FTPS server load balanced

We had the same issue as this link FTPS Load-balancing Problem | DevCentral (f5.com) Then our issue was resolved using this link Configuring passthrough FTPS load balancing (f5.com) This worked for...

ftps issues

Ryan_Johnson

Employee

Aug 07, 2024

Maybe the ftp server config changed? After an upgrade? Is this a public facing ftp server? If so this message

< 2024-08-06 10:26:40.643 227 Entering Passive Mode (10,245,70,193,243,160)
. 2024-08-06 10:26:40.643 Server sent passive reply with unroutable address , using host address instead.

Suggests the MoveIT server sent back an internal address (10,245,70,193,243,160 = 10.245.70.193). Can you see if its configured to send the internal address? It should be sending back the public ip or the virtual server or the dns/fqdn of the virtual.

Not familiar w/ MoveIT, proftpd you can solve the problem this way
http://www.proftpd.org/docs/howto/NAT.html

This issue is also talked about here
https://serverfault.com/questions/591704/proftpd-server-behind-firewall-returns-internal-ip-address

If MoveIT cannot do this, you can have an iRule rewrite the ip in the payload.

Keep in mind if clients are hitting the same instance of the ftp server not through the F5, when you change the moveit config to present another ip, they will get this new ip, which could cause new routing issues.

mastro244
Nimbostratus
Aug 08, 2024
Thank you for responding to us Ryan. Just a little information we are not on our f5 team. We manage the move it transfer webfarm servers. We did recently upgrade our version of move it transfer and it is public facing. We are not certain if something deep in the config files changed but nothing on the config application has changed. We have contacted our Move it support and it's not looking like we can change anything for this on our end. I have let our f5 team know they can write an iRule to rewrite the ip in the payload. But we are being told by them this would not be an option or possible being that the rule would not trigger being that the response is going to the internal address. How would this iRule be written and where would it be placed in the f5 for it to be trigged to resolve our issue. Any help you can give I will pass along to our f5 team. Really do appreciate the help.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Having issues getting FTPS server load balanced

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Getting Started on DevCentral

Getting Started With n8n For AI Automation

Getting started with F5 Distributed Cloud (XC) Telemetry

Four Active/Active load balancing examples with F5 BIG-IP and Azure Load Balancer

Let's Get Critical, Critical

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS