I have a WatchGuard XTM 505, and I need a user to open up their FTP client, connect to the outside IP address of the building, and have the WatchGuard forward that request to the FTP server at 192.168.1.5. The user has a username and password in the users/groups area. How can this be accomplished without having the user create a VPN? Thanks for any assistance!!
1
-
Ok, that works all right. The problem is when I use a VLAN with TAGGED traffic, it automatically stops. Can anyone help?? – Dec 05 '13 at 12:23
-
If you have a new question, please ask it by clicking the [Ask Question](http://serverfault.com/questions/ask) button. Include a link to this question if it helps provide context. – slm Dec 05 '13 at 12:47
1 Answer
2
Sounds like you just need to add an FTP Filter policy to your XTM box with a NAT rule set on it:
- Connect to the XTM505 with Fireware Policy Manager
- Add a new 'FTP Filter' policy
- Remove 'Any-External' from the To: field
- Add > Add NAT...
- Verify your external IP Address is the one you want
- Type in 192.168.1.5 in the Internal IP Address field
- Consider changing the From: field from 'Any-Trusted' to just the static public IP of your User (if they have one), so only they will be able to connect to your FTP server externally and not any script kiddies or Joe Hacker.
- Click OK > Close to add that new FTP policy to your policy list
- Save > To Firebox to store the new configuration.
This will open TCP port 21 up on your external IP address and pass all FTP traffic through to your server on 192.168.1.5. User just needs to FTP to your external IP address where they'll be prompted for their FTP username and password.

SteveBurkett