Nimbostratus
I have configured what seems to be a ftp virtual server. Can connect and login, but when I try to "dir", unable to build data connection : connection refused. Seems not dynamically building data port connection. ASM is in the dmz. What's weird is that it works internally but does not work from outside(internet).
Cirrostratus
Manual Chapter: Load Balancing Passive Mode FTP Traffic with Data Channel Optimization
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/21.html
Aaron
Nimbostratus
Employee
this is mine. ftp client ip is 172.28.19.251. it is in external vlan.
[root@ve1023:Active] config b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.19.79:21
ip protocol 6
profiles {
ftp {}
tcp {}
}
}
[root@ve1023:Active] config b pool foo list
pool foo {
members 200.200.200.101:21 {}
}
1 active mode ftp
[root@centos251 tmp] ncftp 172.28.19.79
NcFTP 3.2.0 (Aug 05, 2006) by Mike Gleason (http://www.NcFTP.com/contact/).
Connecting to 172.28.19.79...
(vsFTPd 2.0.5)
Logging in...
Login successful.
Logged in to 172.28.19.79.
ncftp / > set passive off
ncftp / > cd pub
Directory successfully changed.
ncftp /pub > ls -l
-rw-r--r-- 1 0 0 1012865024 Apr 6 2012 BIGIP-11.1.0.1943.0.iso
ncftp /pub > get BIGIP-11.1.0.1943.0.iso
BIGIP-11.1.0.1943.0.iso: 965.94 MB 22.09 MB/s
[root@ve1023:Active] config b conn show all
VIRTUAL 172.28.19.79:21 <-> NODE 200.200.200.101:21 TYPE any 1/0
CLIENTSIDE 172.28.19.251:33027 <-> 172.28.19.79:21
(pkts,bits) in = (30, 1870) out = (21, 2001)
SERVERSIDE 200.200.200.10:33027 <-> 200.200.200.101:21
(pkts,bits) in = (27, 2309) out = (26, 1668)
PROTOCOL 6 UNIT 1 IDLE 0 (300) LASTHOP external 00:50:56:b3:03:8f
VIRTUAL 172.28.19.79:21 <-> NODE 172.28.19.251:43590 TYPE any 1/0
CLIENTSIDE 200.200.200.101:20 <-> 200.200.200.10:43590
(pkts,bits) in = (113361, 169.4M) out = (10740, 575012)
SERVERSIDE 172.28.19.79:20 <-> 172.28.19.251:43590
(pkts,bits) in = (10740, 575012) out = (113361, 169.4M)
PROTOCOL 6 UNIT 1 IDLE 0 (300) LASTHOP internal 00:50:56:b3:01:0b
2 passive mode ftp
[root@centos251 tmp] ncftp 172.28.19.79
NcFTP 3.2.0 (Aug 05, 2006) by Mike Gleason (http://www.NcFTP.com/contact/).
Connecting to 172.28.19.79...
(vsFTPd 2.0.5)
Logging in...
Login successful.
Logged in to 172.28.19.79.
ncftp / > set passive on
ncftp / > cd pub
Directory successfully changed.
ncftp /pub > get BIGIP-11.1.0.1943.0.iso
BIGIP-11.1.0.1943.0.iso: 965.94 MB 18.07 MB/s
[root@ve1023:Active] config b conn show all
VIRTUAL 172.28.19.79:21 <-> NODE 200.200.200.101:21 TYPE any 1/0
CLIENTSIDE 172.28.19.251:33028 <-> 172.28.19.79:21
(pkts,bits) in = (24, 1487) out = (17, 1632)
SERVERSIDE 200.200.200.10:33028 <-> 200.200.200.101:21
(pkts,bits) in = (23, 1943) out = (22, 1387)
PROTOCOL 6 UNIT 1 IDLE 0 (300) LASTHOP external 00:50:56:b3:03:8f
VIRTUAL 172.28.19.79:6925 <-> NODE 200.200.200.101:6925 TYPE any 1/0
CLIENTSIDE 172.28.19.251:42992 <-> 172.28.19.79:6925
(pkts,bits) in = (46521, 2.499M) out = (489847, 731.8M)
SERVERSIDE 200.200.200.10:42992 <-> 200.200.200.101:6925
(pkts,bits) in = (489847, 731.8M) out = (46521, 2.499M)
PROTOCOL 6 UNIT 1 IDLE 0 (300) LASTHOP external 00:50:56:b3:03:8f