Forum Discussion

Shane_Terrick_9
Feb 28, 2013

Basic FTP load balancing

I am trying to set up basic load balancing with the GTM and LTM for 2 servers behind the F5.

I have created a WIP (on the GTM) to connect to the 2 load-balanced servers living behind the LTM device. (Created a VS, pool and nodes in the F5.)

I have created an FTP monitor for the nodes that does test successfully, so the pool is up, but when I try to FTP to the WIP thru a command line I get the following error. Not sure if I have a setting incorrect?

    331 Anonymous access allowed, send identity (e-mail name) as password.
    Password:
    230 User logged in.
    ftp> dir
    501 Server cannot accept argument.
    150 Opening ASCII mode data connection.

 

5 Replies

  • Did you apply ftp profile on the VIP? Also, do you have same VIP created for data port 20?
  • Posted By s3s1277 on 03/01/2013 10:41 AM

    Did you apply ftp profile on the VIP? Also, do you have same VIP created for data port 20?

    I do have the ftp profile applied. As for the same VIP with port 20, would I just create a second VIP with the same name but port 20 as the service port?

     

     

  • OK, got the FTP portion working; now creating a datagroup of IP addresses allowed to access the site.

    Need to craft the iRule (unless someone has one out there).
  • Update.

    It is working now. I crafted (borrowed and tweaked) the iRule to restrict to only addresses in the epic_ftp datagroup.

    when CLIENT_ACCEPTED {
        # Check if client IP is not in the allowed_clients_datagroup
        if { not [class match [IP::client_addr] equals epic_ftp] } {
            # Disallowed client IP, send a tcp reset
            reject
        }
    }

    I am wondering if there is a way to notify if there are rejections?
  • Add something like this after the reject command to create a log entry in /var/log/ltm, but note that this does present a small risk in the case where someone making a large number of invalid requests could fill your logs and even your disk:

    log local0. "Rejected FTP connection attempt from [IP::client_addr]."
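
One way to keep the rejection log from the last reply without letting a single noisy source fill /var/log/ltm, as an added example that is not part of the original thread: the iRule below logs each rejected address at most once per time window, using the iRules session table. The subtable name `ftp_reject_log` and the 60-second window are assumptions chosen for illustration; `epic_ftp` is the data group from the thread.

```tcl
# Added example, not from the thread. Assumed names: the subtable
# "ftp_reject_log" and the 60-second window are illustrative choices.
when CLIENT_ACCEPTED {
    # Clients listed in the epic_ftp data group (from the thread) pass untouched.
    if { [class match [IP::client_addr] equals epic_ftp] } {
        return
    }

    set src [IP::client_addr]
    set window 60

    # An existing entry means this source was already logged inside the window.
    # -notouch stops repeated attempts from refreshing the entry.
    if { [table lookup -notouch -subtable ftp_reject_log $src] eq "" } {
        # Idle timeout indefinite, hard lifetime $window seconds: the entry
        # expires on its own, and the next rejection after that is logged again.
        table set -subtable ftp_reject_log $src 1 indef $window
        log local0. "Rejected FTP connection attempt from $src (further rejections from this address suppressed for ${window}s)."
    }

    # Disallowed client IP, send a TCP reset.
    reject
}
```

This bounds log volume per source address, not in total: every distinct rejected address still produces one log line and one table entry per window.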