Carp and ftp
Is it possible to set up ftp behind carp and VIP?
The problem is that I cannot set a range of ports, e.g. 20-21,60000-65000, for passive connections. Or should I just forward them (not VIP) separately to each FTP server, and leave ports 20,21 for the VIP?
Another problem I found is that in Outbound NAT I can set up only a network or any; I cannot enter just one host IP.
In Outbound NAT for the DMZ, I want to set up > FTP server, e.g. 192.168.0.2 > Gateway FTP (my VIP).
Thanks for the help
It should work if you set up port forwards for the CARP IP for all needed ports or if you use the ftp proxy. Enable the ftp-proxy at WAN and add a port forward for port 21 to the ftp-server. It will create a second firewall rule pointing to 127.0.0.1. The ftp proxy will then handle the other ports needed by ftp.
Concerning the outbound NAT, a single IP is a network with subnet /32 ;)
So if I understand you correctly, for each ServerPool-Virtual_IP-open_port_wan_firewall I need to create an additional entry for port forwards in NAT.
I thought that creating a Virtual IP for CARP and connecting the VIP to the Server Pool was enough. It means it creates the forward.
Because I can connect from outside to the server behind the CARP VIP and pool (it just doesn't work correctly :( ).
If I have to add the same information to VIP-Server_Pool and later to NAT->Forward, I do the same job twice. And with many ports it can be a bit difficult to manage.
You probably want to use 1:1 NAT and just create firewall rules to permit desired traffic.
NAT 1:1 to FTP servers from one VIP to ServerPool 192.168.2.2 and 192.168.2.3?
I thought NAT 1:1 is one VIP -> one server.