
VSFTPD server behind Sophos UTM 9 NAT

Can anyone help me please?

I am trying to connect externally to a vsftpd Linux server behind a Sophos UTM 9 on a LAN. See below the DNATs and firewall rule.

My FTP client is FileZilla and it will not list the directory.

Everything is set up correctly on the server side; it can connect with username and password.

When the FTP client retrieves the directory listing I then get:

Response: 200 Switching to binary mode

Command port 192,168,43,91,117,60

Response  500 illegal port command


Has anyone any help or suggestions that I can try, or any sort of help at all? I appreciate it.



  • It looks like you have configured DNAT rules with your public IP address as a host definition. You should use your External (Address) (the definition which by default has (Address) behind it); that's where the traffic is arriving, and I guess then your DNAT rules will work.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Thanks for the reply, but I don't fully understand what you mean. I'm sorry, I'm new to this configuration and learning as I go. Maybe you could show me what you mean. The public IP address is the same as the external IP address.

    The FileZilla client connects, verifies, establishes the TLS connection etc. See below:

    Status:    Connection established, waiting for welcome message...
    Status:    Initializing TLS...
    Status:    Verifying certificate...
    Status:    TLS connection established.
    Status:    Server does not support non-ASCII characters.
    Status:    Logged in
    Status:    Retrieving directory listing...
    Command:    PWD
    Response:    257 "/xxxx/xxxxx/xxxxx" is the current directory
    Command:    TYPE I
    Response:    200 Switching to Binary mode.
    Command:    PORT 192,168,43,91,117,66
    Response:    500 Illegal PORT command.
    Error:    Failed to retrieve directory listing

    I have tried all I know.

    Does anyone know the correct DNAT config for this please?
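The log above shows the server answering `500 Illegal PORT command.` to `PORT 192,168,43,91,117,66`. The PORT argument is the address the client asks the server to open the data connection back to, and 192.168.43.91 is an RFC 1918 address that the server, sitting on the other side of the NAT, can never reach. vsftpd documents this exact check under its `port_promiscuous` option: unless that option is set, a data connection may only go back to the address the control connection arrived from. The following Python model is an added example, not code from this thread, from vsftpd or from Sophos; it decodes the PORT argument, applies that check, and classifies the rejection. It generalises beyond the one line in the log (malformed arguments, non-private mismatches, the promiscuous setting). The peer address `203.0.113.10` is a constructed placeholder for the client's public NAT address, and treating ports below 1024 as illegal is an assumption of the model.

```python
"""Model of the FTP active-mode (PORT) address check that yields
"500 Illegal PORT command." when a NATed client advertises its LAN address.

Added example for this thread; not vsftpd, FileZilla or Sophos code.
"""
import ipaddress

PORT_OK = "200 PORT command successful. Consider using PASV."
PORT_ILLEGAL = "500 Illegal PORT command."

# RFC 1918 ranges: addresses a remote server cannot route a data connection to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port_argument(arg):
    """Decode the RFC 959 PORT argument "h1,h2,h3,h4,p1,p2" into (ip, port).

    Raises ValueError on anything that is not six decimal fields in 0..255.
    """
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("PORT needs exactly six comma-separated numbers")
    nums = [int(p) for p in parts]          # ValueError on non-numeric fields
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("each PORT field must be 0..255")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]          # p1 is the high byte of the port
    return ip, port


def format_port_argument(ip, port):
    """Encode (ip, port) the way an active-mode client such as FileZilla does."""
    high, low = divmod(port, 256)
    return ",".join(ip.split(".") + [str(high), str(low)])


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def check_port_command(arg, control_peer_ip, port_promiscuous=False):
    """Return (accepted, reason, response_line) for one PORT command.

    reason is one of: "ok", "promiscuous", "malformed", "rfc1918-address",
    "address-mismatch", "privileged-port".
    """
    try:
        ip, port = parse_port_argument(arg)
    except ValueError:
        return False, "malformed", PORT_ILLEGAL
    if port_promiscuous:
        # Security check disabled: the server would connect anywhere it is told.
        return True, "promiscuous", PORT_OK
    if ip != control_peer_ip:
        # The client is asking for a data connection to somewhere other than
        # where its control connection came from. A private address here is
        # the classic signature of a client behind NAT.
        reason = "rfc1918-address" if is_rfc1918(ip) else "address-mismatch"
        return False, reason, PORT_ILLEGAL
    if port < 1024:
        return False, "privileged-port", PORT_ILLEGAL   # model assumption
    return True, "ok", PORT_OK


if __name__ == "__main__":
    # The PORT line from the FileZilla log, seen from a server whose control
    # connection came from the (constructed) public NAT address 203.0.113.10.
    for arg in ("192,168,43,91,117,66", "203,0,113,10,117,66"):
        ip, port = parse_port_argument(arg)
        accepted, reason, line = check_port_command(arg, "203.0.113.10")
        print(f"PORT {arg} -> {ip}:{port} -> {line} [{reason}]")
```

Two things follow from the model. First, because the session in the log is wrapped in TLS, a NAT device's FTP helper cannot read or rewrite the PORT payload, so the private address reaches the server exactly as the client sent it. Second, the server's own suggestion in its success message, `Consider using PASV`, is the usual way out: in passive mode the client advertises no address at all; the server advertises one, and only the server's side needs a reachable public address and a DNATed port range.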


  • Here you can see one of my DNAT rules (currently disabled). It's acting on traffic arriving on the predefined Interface (which by default also has (Address) behind it). If you look at the icon, you can see it's different from yours. So, be sure to have the DNAT active for traffic arriving on the interface definition, not just a host/network definition you created yourself.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
