Unable to connect to FTP server on local LAN from any device behind a RED.

Hello all,

Am I missing something simple, as no matter which of the 5 REDs we have, any client behind them can't connect to the FTP server (port 21) on the main subnet.

I've tried several FTP programs (currently favouring WinSCP) and they all "time out". I've checked the Firewall logs and nothing is being blocked or dropped.

I can FTP from any client on the main/local/same subnet 10.20.X.X ==> 10.20.X.Y (ftp server), but trying from say 10.10.X.X ==> 10.20.X.Y just times out.

SSH (port 22) works, but FTP is no bueno.



  • Where do we add the subnets in the RED config?

    Here are the Wireshark capture snippets from a same subnet and a failed subnet:

    same (works)

    Behind RED (failed)

    Are there other logs that I should be checking?

  • This feels like a problem with the firewall on the server, Dave.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob, pleasure as always to see you on here! I was thinking the same, however, in testing with other FTP Server connections, typically the software returns a connection REFUSED/REJECTED and not a time out.

    Again, pardon my newbness, but, is there a way to either proxy, masquerade or segment out a range of the 10.7X.X.X network to appear to come from the 10.2X.X.X network?

    I'm also going to run a test by VPNing in, and seeing if that too causes the same issue.
