FTP DNAT doesn't work

show nat destination rule 10
description REPO_ACCESS
destination {
    address 11.26.25.5
    port 21,22,80,443,49152-65534
}
inbound-interface eth0
protocol tcp
translation {
    address 172.16.9.23
}

In the firewall there exists a rule allowing this traffic,

and after connecting from a machine in an external network, the FTP returns:

Response: 220 ProFTPD 1.3.5e Server (repo) [172.16.9.23]
Command: USER anonymous
Response: 331 Anonymous login ok, send your complete email address as your password
Command: PASS **************
Response: 230 Anonymous access granted, restrictions apply
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: TVFS
Response: MFMT
Response: LANG en-US.UTF-8*;en-US
Response: SIZE
Response: MFF modify;UNIX.group;UNIX.mode;
Response: REST STREAM
Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Response: UTF8
Response: EPRT
Response: EPSV
Response: 211 End
Command: OPTS UTF8 ON
Response: 200 UTF8 set to on
Status: Connected
Status: Retrieving directory listing…
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (172,16,9,23,203,210).

So, it returns the internal address of the FTP server instead of the translated address, which is 11.26.25.5, and I can never see the files.

This didn't happen in version 1.4-rolling-202212280917, but after the update to version 1.4-rolling-202306210315 it is happening.
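An added example, not part of the original thread: a small check that decodes the 227 reply from the log above and compares it with the address the client connected to and the port range forwarded by the DNAT rule. The function names are hypothetical, and the sample reply is copied from the post. In passive mode the client opens its data connection to the address and port in this reply, so an internal address here is unreachable from an external network.

```python
import ipaddress
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959 PASV reply).
PASV_RE = re.compile(r"\b227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Reply taken from the log in the post.
SAMPLE_REPLY = "Response: 227 Entering Passive Mode (172,16,9,23,203,210)."


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if p1 > 255 or p2 > 255:
        raise ValueError("port field out of range")
    # IPv4Address raises ValueError if any octet is above 255.
    addr = ipaddress.IPv4Address(f"{h1}.{h2}.{h3}.{h4}")
    return addr, p1 * 256 + p2


def check_pasv(reply, control_addr, port_range):
    """Compare the advertised data endpoint with the control-connection
    address and the port range forwarded by the DNAT rule."""
    addr, port = parse_pasv(reply)
    findings = []
    if addr != ipaddress.IPv4Address(control_addr):
        findings.append("address-mismatch")
        if addr.is_private:
            findings.append("internal-address-disclosed")
    low, high = port_range
    if not low <= port <= high:
        findings.append("port-outside-dnat-range")
    return addr, port, findings


if __name__ == "__main__":
    # Public address and port range are the ones in NAT rule 10 above.
    addr, port, findings = check_pasv(SAMPLE_REPLY, "11.26.25.5", (49152, 65534))
    print(f"data endpoint {addr}:{port} findings={findings}")
```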

Hi!

Can you check sudo nft list table nat and check the counter for DNAT rules?

Thank you for your response, but I already made a rollback. Thanks to that, it is working again.
