Suspend
Explorer

750 Appliance with a DMZ'ed FTP Server

Hello, I was hoping to get some help setting up an FTP server on the DMZ port of a 750 Series Appliance.  I guess I'm actually looking for a "best-practice" technique because I'm not sure what I've done is the "proper" way.

We have a static IP address for our internet connection and also have an additional static IP available for the FTP server, if desired.  I'd be happy using either.

So, I have the 750 set up and working.  I activated the DMZ port and gave it an internal IP.  I set up an FTP machine on that subnet, plugged it into the DMZ port.  Then set up a "server" object to forward the FTP ports to the FTP server's IP.  I currently have the NAT for the server object set to "Hide Behind Gateway (port forwarding)".

Now, this setup works by accessing our main IP address BUT the FTP server software sees all incoming FTP connections as coming from our main (external) IP address.  Not the actual originating IP address of the client.  So it seems to me like the incoming traffic is getting "NAT"ed to our internet IP.  (Is that possible?)

At this point I don't know what I'm doing wrong.  What I'd like is for the FTP Software to see incoming FTP connections with the originating IP address.  This way I could block/ban certain IPs.  Right now I can't block any IPs because everything is coming in with our public IP address.

I'd love an explanation of the correct way to do this.

 

Thanks....

0 Kudos
PhoneBoy
Admin
Uncheck "Hide behind Gateway IP" in the Server object.
0 Kudos
Suspend
Explorer

Thanks for the quick reply!!

The "Hide Behind Gateway (port forwarding)" option cannot be "unchecked".  I would have to choose a different NAT such as "Static NAT" or "No NAT".


I've tried Static NAT with the same results.  I haven't been able to get "No NAT" to work because I don't understand what they mean by "Server's IP address is accessible from the internet".  I thought maybe that means I give the server computer our second public static IP but then it doesn't make sense how to configure the DMZ port because it wants to create an internal facing subnet, which seems to be counter-intuitive.

Help.  🙂

 

0 Kudos
PhoneBoy
Admin
My bad, actually you need to uncheck the "Force translated traffic to return to the gateway" option.
0 Kudos
Suspend
Explorer

You da man!!!!  Thank you!!!  That worked.

0 Kudos
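A check for the symptom discussed in this thread, as an added example that is not part of the original posts: it reads FTP server connection log lines and reports whether the server sees real client addresses or only the gateway's own IP, in which case per-IP bans on the server cannot work. The log lines are constructed and assume a vsftpd-style `CONNECT: Client "..."` format; the gateway address `203.0.113.10` and the function name `source_nat_report` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Assumed vsftpd-style connection line; adjust the pattern for other FTP servers.
CONNECT_RE = re.compile(r'CONNECT: Client "(?:::ffff:)?([0-9A-Fa-f:.]+)"')

def source_nat_report(log_lines, gateway_ips):
    """Report whether the FTP server sees real client IPs or only the gateway's."""
    gateways = {ipaddress.ip_address(ip) for ip in gateway_ips}
    seen = Counter()
    for line in log_lines:
        match = CONNECT_RE.search(line)
        if not match:
            continue  # not a connection record
        try:
            seen[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:
            continue  # malformed address field
    total = sum(seen.values())
    hidden = sum(n for ip, n in seen.items() if ip in gateways)
    if total == 0:
        verdict = "no-data"
    elif hidden == total:
        verdict = "source-hidden"      # every client looks like the gateway
    elif hidden:
        verdict = "mixed"              # some forwarding paths still translate the source
    else:
        verdict = "client-ip-visible"  # per-IP bans on the server can work
    return {"total": total, "from_gateway": hidden,
            "distinct_sources": len(seen), "verdict": verdict}

GATEWAY_IPS = ["203.0.113.10"]  # hypothetical external IP of the firewall

# Constructed log lines: inbound source translated to the gateway address.
BEFORE = [
    'Tue Mar  5 10:01:12 2024 [pid 2101] CONNECT: Client "203.0.113.10"',
    'Tue Mar  5 10:01:13 2024 [pid 2100] [ftpuser] OK LOGIN: Client "203.0.113.10"',
    'Tue Mar  5 10:04:40 2024 [pid 2117] CONNECT: Client "203.0.113.10"',
    'Tue Mar  5 10:09:02 2024 [pid 2130] CONNECT: Client "203.0.113.10"',
]
# Constructed log lines: original client addresses preserved.
AFTER = [
    'Tue Mar  5 11:15:01 2024 [pid 2301] CONNECT: Client "198.51.100.23"',
    'Tue Mar  5 11:16:44 2024 [pid 2309] CONNECT: Client "::ffff:192.0.2.77"',
    'Tue Mar  5 11:20:10 2024 [pid 2320] CONNECT: Client "198.51.100.23"',
]

if __name__ == "__main__":
    for name, lines in (("before", BEFORE), ("after", AFTER)):
        print(name, source_nat_report(lines, GATEWAY_IPS))
```

Run it against a fresh log slice after changing the server object's NAT settings; a "source-hidden" or "mixed" verdict means at least some inbound connections are still being source-translated.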
