Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 2932 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ftp/ssh nat

alehman
Trying to get FTP over SSH to work via NAT. I created an SNAT rule for any traffic to the server with automatic firewall rules, but Filezilla reports:

Error: Disconnected: No supported authentication methods available (server sent: )
Error: Could not connect to server

Firewall log shows two outgoing connections to port 22 and no drops. Nothing in IPS log.

Any ideas would be most appreciated.

Alan


This thread was automatically locked due to age.
  • 0
    Hi,

    Assuming your server is inside the firewall, an Inbound NAT would be a DNAT.

    If it's an external server, please post a screenshot or full description of the SNAT.

    Barry
  • 0 in reply to BarryG
    Thanks for the quick reply. Outbound NAT. Server is remote. I've attached a screenshot.
  • 0
    Hi,

    1. please check that your network definition for secureftp... is not bound to an interface in 'advanced'

    2. make sure no other NATs match first (although a MASQ is OK)

    3. run tcpdump on the external interface and see if the packets look OK.

    4. also check the Application Control log

    Barry
  • 0
    If you have more than one ISP, you'll want to do this differently.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    1. Its says "any"
    2. No other NATS rules would match.
    3. I see outgoing packets and apparent reply packets from the server.
    4. Empty

    Bob - I do have two ISPs configured using uplink balancing.
  • 0
    In that case, I would use a Multipath rule binding 'Internal (Network) -> Any -> Secureftp' to the Sprint interface and a simple Masquerading rule ' Internal (Network) -> Uplink Interfaces'.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner