Carp and ftp
-
Hi!
Is it possible to set up ftp behind carp and VIP?
Problem is that I cannot set the range of ports ex. 20-21,60000-65000 for passive connections. Or I should just forward them (not VIP) separate to each ftp server, and leave for VIP ports 20,21?
Another problem which I found, that in Outbound NAT I can set up only network or any, I cannot write just one host ip.
I want in Outbound nat for DMZ, set up > FTP server ex. 192.168.0.2 > Gateway FTP (my VIP).Thanks for help
Hans
-
It should work if you setup portforwards for the CARP IP for all needed ports or if you use the ftp proxy. Enable the ftp-proxy at WAN and add a portforward for port 21 o the ftp-server. It will create a second firewallrule pointing to 127.0.0.1. The ftp proxy will then handle the other ports needed by ftp.
Concerning the outbound NAT, a single IP is a network with subnet /32 ;)
-
So if I understand you correctly for each ServerPool-Virtual_IP-open_port_wan_firewall I need create additional entry for Forward ports in NAT.
I thought that creation Virtual IP for CARP and connection VIP to Server Pool is enough. It means it creates forward.
Because I can connect from outside to server behind CARP VIP and pool (just it doesn't work correctly :( ).
If I have to add the same information to VIP-Server_Pool and later to NAT->Forward, I do the same job twice. And with many ports it can be a bit difficult to manage.Regards,
Hans
-
You probably want to use 1:1 NAT and just create firewallrules to permit desired traffic.
-
NAT 1:1 to FTP servers from one VIP to ServerPool 192.168.2.2 and 192.168.2.3?
I though NAT 1:1 is one VIP-> one server.Hans