Carp and ftp



  • Hi!
    Is it possible to set up ftp behind carp and VIP?
    The problem is that I cannot set the range of ports, e.g. 20-21,60000-65000, for passive connections. Or should I just forward them (not VIP) separately to each ftp server, and leave ports 20,21 for the VIP?
    Another problem I found is that in Outbound NAT I can set up only network or any; I cannot write just one host IP.
    In Outbound NAT for DMZ, I want to set up > FTP server e.g. 192.168.0.2 > Gateway FTP (my VIP).

    Thanks for help

    Hans



  • It should work if you set up port forwards for the CARP IP for all needed ports or if you use the ftp proxy. Enable the ftp-proxy at WAN and add a port forward for port 21 to the ftp-server. It will create a second firewall rule pointing to 127.0.0.1. The ftp proxy will then handle the other ports needed by ftp.

    Concerning the outbound NAT, a single IP is a network with subnet /32 ;)



  • So if I understand you correctly, for each ServerPool-Virtual_IP-open_port_wan_firewall I need to create an additional entry for Forward ports in NAT.
    I thought that creating a Virtual IP for CARP and connecting the VIP to the Server Pool is enough. It means it creates the forward.
    Because I can connect from outside to the server behind the CARP VIP and pool (it just doesn't work correctly :( ).
    If I have to add the same information to VIP-Server_Pool and later to NAT->Forward, I do the same job twice. And with many ports it can be a bit difficult to manage.

    Regards,
    Hans



  • You probably want to use 1:1 NAT and just create firewall rules to permit desired traffic.



  • NAT 1:1 to FTP servers from one VIP to ServerPool 192.168.2.2 and 192.168.2.3?
    I thought NAT 1:1 is one VIP -> one server.

    Hans

