filezilla ftp server behind UTM

Hello everybody,


I am trying to set up an FTPS server at home, behind the UTM, but it does not work and I cannot figure it out. My setup:

-I have a dynamic public IP address with DYNDNS.

-Filezilla FTP server is accessible from within my LAN (all good). Also, I have configured the range of passive ports in the server.

-on UTM I have configured the DNAT rules for port 21, 990 and the passive range of ports; anyone who comes from any port, towards my external IP address, should get redirected to the internal FTP server on the same dst ports (21, 990, and passive range)

-on UTM the FTP tracker helper is enabled

I don't have webfiltering, I have IPS but it is the same with it disabled.

When I try to initiate a connection from outside, towards my FTP server, the FTP client reports:

"Connecting to (my ext IP):21

Connection established, waiting for welcome message...

Connection timed out after 20 sec of inactivity"  -> and here it dies


If I check the firewall logs, I can see there is a lot of traffic being dropped


86.121.3.79 is my ext IP address

10.2.2.249 is my internal FTP address

82.137.10.26 is one of the ISP's address

00:1b:21:17:b2:85 is the MAC address of my internal interface (LAN)

The log gets filled with the above traffic when trying a session.

As you see, while trying a connection from outside, traffic matches NAT rule #2 but then 82.137.10.26 tries to do the same directly with 10.2.2.249 and it gets blocked (ofc). Why is this traffic happening? What is the explanation? How can I make it work?


Thank you

  • Hi All,

    An iteration of steps we followed to resolve the issue:

    First, we suspected it to be a fragmentation issue caused by a bad MTU value, as the WAN interface was set to DHCP, but the issue was found in the Host Definition created for the FTP Server. The IP address of the Server was bound to an interface; changing this value to ANY resolved the routing problem.

    Be careful with binding network definitions to particular interfaces, as this might lead to conflicts with other configurations. Data packets sent through these particular interfaces could get lost and this would be hard to detect.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Totally agree with that. Thanks a lot. Topic may be closed.

  • Refer to #3 in Rulz.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA