Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 19927 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Passive FTP NAT

DMR188

Has anyone successfully setup an FTP server and been able to connect to it over the WAN?  I have tried every setting under the sun with no luck.  It will connect fine if I use Active Mode, so I know the NAT is working, but not with Passive.  I've tried removing IPS polices, changing the MASQ to off, etc, etc.  And unfortunately with the lack of logging, I can't determine why its not connecting. Please let me know if anyone has found any tricks.

Thanks



This thread was automatically locked due to age.
  • 0

    Hi,

    I will need more information on this matter to investigate further. Please provide the configuration screen shot on UTM and the logs captured on FTP when a connection is attempted.

    Also, did you map all the Ports in the Business Rule for FTP, instead of mapping specific ports for communication ?

    Awaiting response.

    Thanks

    Sachin Gurung

  • 0

    As a former Cyberoam user I've learned some tricks that might apply here. I was running an FTP server on my LAN and couldn't access it, even with al the right port forwarding statements.

    I logged a case with Cyberoam and this resulted in two console statements to get it working

    1) Since I was using port 2121 as a public port (and private port as well): set service-param FTP add port 2121

    2) And this setting was advised to change the FTP scanning behaviour: set advanced-firewall ftpbounce-prevention data
    Both commands have to be applied in the service console.

    Since switching from Cyberoam to SophosXG I had to apply the same commands to SophosXG ;-)

    Hope this helps!

  • 0 in reply to JohanCamps

    Johan,

    both commands can be execute on XG either. Access the console using Putty or Console option fromthe WebAdmin page and execute both commands. The syntax is the same.

  • 0 in reply to lferrara

    Thanks, already did that and it worked for me. Hopefully this helps Dan, the original poster