Apr 26, 2012

Passive FTP




I have two servers behind the F5 having ports 4021 and 4022 configured for FTP.


VIP is configured with port 21.



When i am trying to get on to the servers (port 4022) directly using FTP credentials, i am able to login and retrieve the directory.



But when i go thorugh the F5, i am able to login but not able to retrieve the directory.



I have configured the FTP profile with Data port as 0.



I see an error saying "failed to retrieve directory listing" after i am logged into server.



Can anyone suggest me, what are the configurations that have to be done on F5 in this case.

  • Sorry Nate, im not the one with the issue here im trying to help mroark and Rick also. I posted my prod config so they could see working config that works for Active and passive and with a "0" in the profile. And I have posted the bugs I have encountered with Passive FTP as I had issues myself which where resolved by eng hotfixes from F5 and now more newer versions.


    Hi Chris, I understand now. Sorry I was just trying to post some data for clarification because you were totally correct and I kept confusing your posts with mroark's posts.


    The data port of 0 is valid and I should have expanded on that more. Also, I just realized that I need to look at the names more closely because as you guessed I thought that was his configuration and I keep getting your response and his confused.


  • all good, sorry if i confused anyone


    if we could get some more info from mroark on the current config of the VIP and Pool and monitor and profile etc we might be able to help more.


    From a TCPDump perspective if we can get some info on vlans and traffic direction plus source IP we could provide a TCPDUMP command that would help show the connections on client/server side of the F5.


    But need that info first.


  • I'm a noob at the F5, i did open a case with TAC and they advised me to upgrade to BIG-IP 11.3.0 Build 3144.0 Hotfix HF8. that did not resolve the issue. is there a cli command that i can run to pull the configs that you need to look at?


  • ok lets start with the following command and find the FTP VIP and then paste the output


    tmsh list ltm virtual


    lol, mroark you can also use:


    tmsh list ltm virtual


    If you want a bit more specific output and then scrub that.


  • How was your problem resolved. I am heaving same problem with port range of 50000-52500 and when server send the entering into passive mode command, F5 send the TCP Reset.