    Carp and ftp

    HA/CARP/VIPs
      khans last edited by

      Hi!
      Is it possible to set up FTP behind CARP and a VIP?
      The problem is that I cannot set a range of ports, e.g. 20-21,60000-65000, for passive connections. Or should I just forward them (not VIP) separately to each FTP server, and leave ports 20,21 for the VIP?
      Another problem I found is that in Outbound NAT I can set up only a network or any; I cannot enter just one host IP.
      In Outbound NAT for DMZ, I want to set up > FTP server, e.g. 192.168.0.2 > Gateway FTP (my VIP).

      Thanks for help

      Hans

        hoba last edited by

        It should work if you set up port forwards for the CARP IP for all needed ports or if you use the ftp proxy. Enable the ftp-proxy at WAN and add a port forward for port 21 to the ftp-server. It will create a second firewall rule pointing to 127.0.0.1. The ftp proxy will then handle the other ports needed by ftp.

        Concerning the outbound NAT, a single IP is a network with subnet /32 ;)

          khans last edited by

          So if I understand you correctly, for each ServerPool-Virtual_IP-open_port_wan_firewall I need to create an additional entry for Forward ports in NAT.
          I thought that creating a Virtual IP for CARP and connecting the VIP to a Server Pool is enough. It means it creates the forward.
          Because I can connect from outside to the server behind the CARP VIP and pool (it just doesn't work correctly :( ).
          If I have to add the same information to VIP-Server_Pool and later to NAT->Forward, I do the same job twice. And with many ports it can be a bit difficult to manage.

          Regards,
          Hans

            hoba last edited by

            You probably want to use 1:1 NAT and just create firewall rules to permit desired traffic.

              khans last edited by

              NAT 1:1 to FTP servers from one VIP to ServerPool 192.168.2.2 and 192.168.2.3?
              I thought NAT 1:1 is one VIP -> one server.

              Hans
