Forum Discussion

Nimbostratus

Aug 07, 2024

Having issues getting FTPS server load balanced

We had the same issue as this link FTPS Load-balancing Problem | DevCentral (f5.com) Then our issue was resolved using this link Configuring passthrough FTPS load balancing (f5.com) This worked for...

ftps issues

Ryan_Johnson

Employee

Aug 07, 2024

Maybe the ftp server config changed? After an upgrade? Is this a public facing ftp server? If so this message

< 2024-08-06 10:26:40.643 227 Entering Passive Mode (10,245,70,193,243,160)
. 2024-08-06 10:26:40.643 Server sent passive reply with unroutable address , using host address instead.

Suggests the MoveIT server sent back an internal address (10,245,70,193,243,160 = 10.245.70.193). Can you see if its configured to send the internal address? It should be sending back the public ip or the virtual server or the dns/fqdn of the virtual.

Not familiar w/ MoveIT, proftpd you can solve the problem this way
http://www.proftpd.org/docs/howto/NAT.html

This issue is also talked about here
https://serverfault.com/questions/591704/proftpd-server-behind-firewall-returns-internal-ip-address

If MoveIT cannot do this, you can have an iRule rewrite the ip in the payload.

Keep in mind if clients are hitting the same instance of the ftp server not through the F5, when you change the moveit config to present another ip, they will get this new ip, which could cause new routing issues.

mastro244
Nimbostratus
Aug 08, 2024
Thank you for responding to us Ryan. Just a little information we are not on our f5 team. We manage the move it transfer webfarm servers. We did recently upgrade our version of move it transfer and it is public facing. We are not certain if something deep in the config files changed but nothing on the config application has changed. We have contacted our Move it support and it's not looking like we can change anything for this on our end. I have let our f5 team know they can write an iRule to rewrite the ip in the payload. But we are being told by them this would not be an option or possible being that the rule would not trigger being that the response is going to the internal address. How would this iRule be written and where would it be placed in the f5 for it to be trigged to resolve our issue. Any help you can give I will pass along to our f5 team. Really do appreciate the help.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Having issues getting FTPS server load balanced

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

ASM/AWAF declarative policy

Managing iRules configuration

Changes to DO and AS3 GitHub - no longer monitored

Help with SSH Virtual Server

GRE Tunnel Issue

Related Content

Transparent Load Balancing in Azure

Getting Started on DevCentral

Four Active/Active load balancing examples with F5 BIG-IP and Azure Load Balancer

What is Load Balancing?

Getting Started With n8n For AI Automation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS