For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mastro244's avatar
mastro244
Icon for Nimbostratus rankNimbostratus
Aug 07, 2024

Having issues getting FTPS server load balanced

We had the same issue as this link FTPS Load-balancing Problem | DevCentral (f5.com) Then our issue was resolved using this link Configuring passthrough FTPS load balancing (f5.com) This worked for...
ftps issues
Ryan_Johnson's avatar
Ryan_Johnson
Icon for Employee rankEmployee
Aug 07, 2024

Maybe the ftp server config changed? After an upgrade? Is this a public facing ftp server? If so this message

< 2024-08-06 10:26:40.643 227 Entering Passive Mode (10,245,70,193,243,160)
. 2024-08-06 10:26:40.643 Server sent passive reply with unroutable address , using host address instead.

Suggests the MoveIT server sent back an internal address (10,245,70,193,243,160 = 10.245.70.193). Can you see if its configured to send the internal address? It should be sending back the public ip or the virtual server or the dns/fqdn of the virtual.

Not familiar w/ MoveIT, proftpd you can solve the problem this way
http://www.proftpd.org/docs/howto/NAT.html

This issue is also talked about here
https://serverfault.com/questions/591704/proftpd-server-behind-firewall-returns-internal-ip-address

If MoveIT cannot do this, you can have an iRule rewrite the ip in the payload. 

Keep in mind if clients are hitting the same instance of the ftp server not through the F5, when you change the moveit config to present another ip, they will get this new ip, which could cause new routing issues.