Forum Discussion
Passive FTP failing, F5 send TCP RST after receiving Entering Passive mode from server
Hi,
Pretty standard setup: Passive FTP, control port 10021, data ports 50251-50500.
Configuration
VIP: 192.168.152.8 (open for all ports)
Auto SNAT (interface and pool members on the same VLAN)
Profile: basic FTP profile, basic TCP client/server profile
Self IP: 10.57.152.6
Pool: 10.57.152.6 (open for all ports)
Problem:
With the basic FTP profile, the F5 sends a TCP RST as soon as it receives the server's response to the PASV request saying it is entering passive mode.
If we remove the FTP profile and use the basic TCP profile, it works fine.
TCP Reset from F5 self ip to backend
TCP Reset from F5 to Client
Passive IP: F5 VIP (192.168.152.8), Passive Port: 50252, Passive IP NAT: True
Thanks, Syed
- syedimam_147051 (Nimbostratus): Any response please?
- nitass (Employee)
> Self IP: 10.57.152.6 Pool: 10.57.152.6 (open for all ports)
The pool is 10.57.152.7, isn't it?
Can you post both the client-side and server-side traces?
e.g.
tcpdump -nni 0.0:nnn -s0 -v -w /var/tmp/output.cap host 192.168.152.8 or host 10.57.152.7
- syedimam_147051 (Nimbostratus)
Hi, sorry, it was a typo. Indeed, .6 is the floating IP to carry traffic and .7 is the pool. Results attached. I have tested this in the lab as well and the results are the same. Server listening on ports 5000-6000; with only the TCP profile, traffic works fine. With the FTP profile, the F5 sends a RST after getting "entering passive mode" from the server. Also tried the following iRule, with exactly the same results:

```
when SERVER_CONNECTED {
    FTP::port 5000 5999
}
```

(Attached captures: F5 to Server, Client to F5)
- tatmotiv (Cirrostratus)
Try creating a non-default FTP profile and allow ANY data port.
By default, only port 20 (ftp-data) is allowed:

```
list ltm profile ftp /Common/ftp all-properties
ltm profile ftp /Common/ftp {
    app-service none
    defaults-from none
    description none
    inherit-parent-profile disabled
    log-profile none
    log-publisher none
    partition Common
--> port ftp-data <--
    security disabled
    translate-extended enabled
}
```

Try using this instead:

```
ltm profile ftp ftp_dataport_any {
    app-service none
    defaults-from /Common/ftp
--> port any <--
}
```

With this profile, you also should not need to enable the virtual on any port, but only on the desired FTP control port (in your case 10021).
HTH, Martin
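Added example, not from the thread or from F5: a small Python model of the data-port decision described above. It parses the server's 227 (and, going a step further, 229 EPSV) passive reply, derives the announced port, evaluates it against the profile's port setting (ftp-data, any, or a low/high range as the FTP::port iRule sets), and shows the Passive IP NAT rewrite to the VIP. The port-setting semantics are my assumption based on this thread, not F5 documentation; the sample replies are constructed.

```python
import re

# Constructed sample replies (not taken from the thread's captures).
PASV_REPLY = "227 Entering Passive Mode (10,57,152,7,196,76)"   # 196*256+76 = 50252
EPSV_REPLY = "229 Entering Extended Passive Mode (|||50252|)"

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")

def parse_passive_reply(reply):
    """Return (ip, port) announced by a 227 PASV or 229 EPSV reply.
    EPSV carries no address, so ip is None in that case."""
    m = PASV_RE.match(reply)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2
    m = EPSV_RE.match(reply)
    if m:
        return None, int(m.group(1))
    raise ValueError("not a passive-mode reply: %r" % reply)

def data_port_allowed(port, profile_port):
    """Model of the FTP profile's 'port' setting (assumption based on the
    thread, not F5 documentation): 'any', a single port such as 'ftp-data'
    (20), or an inclusive (low, high) range as set by 'FTP::port low high'."""
    if profile_port == "any":
        return True
    if isinstance(profile_port, tuple):
        low, high = profile_port
        return low <= port <= high
    if profile_port == "ftp-data":
        profile_port = 20
    return port == int(profile_port)

def rewrite_pasv(reply, vip):
    """Passive IP NAT: re-announce the data address as the VIP, same port."""
    _, port = parse_passive_reply(reply)
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        vip.replace(".", ","), port // 256, port % 256)

def check_reply(reply, profile_port, vip="192.168.152.8"):
    """Verdict for one server reply under a given profile port setting."""
    ip, port = parse_passive_reply(reply)
    allowed = data_port_allowed(port, profile_port)
    if not allowed:
        forwarded = None  # the thread reports a RST in this situation
    else:
        forwarded = rewrite_pasv(reply, vip) if ip else reply
    return {"server_ip": ip, "port": port, "allowed": allowed, "client_sees": forwarded}

if __name__ == "__main__":
    for setting in ("ftp-data", "any", (5000, 5999)):
        print(setting, check_reply(PASV_REPLY, setting))
```

Running it with the default `ftp-data` setting flags port 50252 as not allowed, while `any` (or a range covering 50251-50500) passes it through with the address rewritten to the VIP.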
- nitass (Employee)
> PROD environment works fine with the iRule but it is failing in the lab. I checked and the server ports are in the same range.
Have you captured packets? What did you see there?