Hi there
I have FTP server 192.168.22.26 in LAN with NAT on VyOS gateway. Now I use 1.4 build 2023-01-07. It works fine. Builds 2023-05-25 and 2023-06-08 are not working.
Here’s my config (eth1 is WAN interface):
nat {
destination {
rule 26 {
destination {
port 21
}
inbound-interface eth1
protocol tcp
translation {
address 192.168.22.26
}
}
source {
rule 11 {
outbound-interface eth1
translation {
address masquerade
}
}
}
}
Remove the firewall or provide firewall rules.
Or show
“sudo nft list ruleset”
“sudo lsmod | grep ftp”
Firewall removed at all.
Server’s log:
ftp_server.txt (582 Bytes)
sudo nft list ruleset
1.txt (4.5 KB)
sudo lsmod | grep ftp
2.txt (507 Bytes)
(build 2023-06-12; FTP server IP 192.168.22.44)
I found a way arround this issue using proftpd and the module ifsession, here’s how
LoadModule mod_ifsession.c
# Define a class for internal clients
From 192.168.0.0/16
# Internal clients get a different MasqueradeAddress
<IfClass internal>
MasqueradeAddress 192.168.9.13
</IfClass>
# All other clients get some different, public MasqueradeAddress
<IfClass !internal>
MasqueradeAddress 192.25.44.6
</IfClass>
so, for the clients on 192.168.0.0/16 the server repply as the address 192.168.9.13, but for other client’s it repplys as 192.25.44.6.
not ideal, but so far, it worked for me
My FTP has the settings to reply by different addresses. Unfortunately, it’s not a solution.
Old builds work OK → something wrong in conntrack’s ftp module.
is true, but at the moment, if you want to use the latest version. That’s the best way that I found, to do it.