0

I have a question about our FTP server configuration. So we currently have 2 FTP servers with are being load-balanced. The two servers and load balancer are only accessible on our internal network.

Now, our FTP configuration works fine. I can manage our FTP servers trough our load balancer with WinSCP and FileZilla etc... but if I send a file with the default .NET FTP client, I got some issues with the data port connection.

So problem happens when the load balancer sends the PASV response with the IP address and port where the client has to send his data to. So instead of sending the load balancer IP, the IP of the real server is send. FTP client seems to ignore the IP part of the PASV command and wants to connect to the original IP with of course fails because there are no ports open on the load balancer.

Now, the real question is: is it against the FTP specification that the load balancer sends the IP address of the real server instead of its own IP address?

WinSCP and FileZilla doesn't make a issue of that. I also found out that I had to disable "setRemoteVerificationEnabled(false)" in the Java commons-net lib to make it work in Java. We connect to FTP server with FTP explicit and inplicit.

Ola Ström
  • 177
  • 1
  • 1
  • 6
Nico van roy
  • 1
  • 1
  • What ftp servers and load balancer are you using? You say the load balancer is behind a NAT. Correctly NATting ftp requires a router that inspects ftp packets. On Linux this is solved with the **nf_nat_ftp** module. – Piotr P. Karwasz Dec 17 '19 at 00:28
  • We are using oracle mft as ftp server and Citrix as loadbalancer. Both are working correct with Winscp and Filezilla. Its just some clients like the default .net library that has issues with it. – Nico van roy Dec 17 '19 at 08:04

0 Answers0