Forum Discussion
Hi Petak. I think you are mixing things up here. Let me explain.
Regardless which FTP type you are using, the connection will happen between the client and the server. It is the client who requests the type of FTP. The server will just need to be compatible to the respective ftp mode.
Then you have the F5 which is really just a proxy - i.e. it would facilitate the connection between the client and the server; in your case, it will also load balance the requests.
Normally the Active FTP is the default - but that causes problems because the server will at some stage initiate a connection back to the cient. If the client is behind NAT (which is normally the case), you will have problems. Hence the use of Passive-FTP where all needed tcp connections are initiated by the client.
So ...
-
With that said, is there a way to test your client-server passive ftp connection bypassing the F5? For instance, use a client on the same network with the servers sitting "behind" the F5. Does it work? If it doens't work without the F5, it won't work once you introduce the F5 either.
-
Have you assigned the right profile the the VS (FTP profile) in this case?
-
Also, what problems do you actually see? Does it never work? Does it work intermittently?
If my memory is not failing me, I believe I have previously setup FTP passive / active on F5 it was very straight forward. No iRules needed, no fancy configuration at all. One thing you will likely have to do is setup persistence - and that's about as fancy as you gonna get.
But I could be wrong ...
Hi @Gonzalex, first for all, thanks for answer me.
Our Ftp Servers have Pasv_ports defined, so the client receive the pasv_address and the port range that need to go via passive mode.
When I configured the VIP with the preffered configuration to FTP ( Ftp profile ) ( type: standard) (tcp profile ) ( translation auto-map ), the client received a RST ACK trying to do " quote pasv ". If I do the same bypassing the LB, the client receive the port range for passive and connect to the server without issues in pasv mode.
Reading some post about it in this forum, i tried with different combinations, but always with the same results.
So now i have this working with the following configuration
Vip-> Perfomance Layer4 , FastL4 profile, Auto-map, All services. or Vip-> Standard , Tcp profile
If i try to add Ftp profile ( default or with data port "0" ) or if i change the VIP service to FTP, i automatically receive RST ACK from the LB. ( I have also configured a Irule in the VIP that allows port ranges 20-21 & 30001-30020 )