FTP Issue for NAT 1:1
enable ftp-proxy at all interface - WAN, DMZ and LAN
Server A is located at LAN using 1:1 NAT to a public IP address
1. When i try to FTP from Server A to an external FTP Server, I am able to authenticated however unable to put/get file from the server
2. When i try using a workstation located at the same network however is NAT behind the LAN interface Gateway (without own public address), I am able to access to the external FTP Server.
This is what I had done:
1. Create a LAN firewall rule from Server A to External allow TCP any
2. Remove the NAT 1:1 for Server A
then only i am able to access to the external FTP server
Is there any better solutions rather than option 1 and 2, option 2 is totally out.. I might need to live with option 1 if there isn't better solutions.
refering number 2 for Outgoing FTP,
"If you have a restrictive ruleset (only allowing certain ports) then ensure that you have permitted traffic to 127.0.0.1 / ports 8000-8020"
Where should i create this rule? at LAN interface?
ie: any to 127.0.0.1 port TCP 8000-8020 allow
On the incoming interface, yes. Most likely LAN.