09-13-2017 09:29 AM
I have created an internal zone IP address I want to use as generic for FTP communications: 192.168.1.9.
I want to NAT this IP to our current FTP server, 192.168.1.19. This way, when our FTP server changes, we just change our NAT rule rather than the rest of our partner companies' firewalls, routes, etc.
I've created a DNAT rule and am able to ping 192.168.1.9 and get a response from 192.168.1.19, but I'm unable to connect via FTP.
I've done this before successfully between network zones (subnets) but not on the same zone (subnet) so far.
10-12-2017 07:37 AM
For it to work from outside you need:
From zone - Untrust
To zone - Untrust
Destination Address - 220.127.116.11
Service - create new tcp-21 with protocol tcp and port 21
Destination translation - 192.168.32.19
NB! Place this new WAN rule above the WebServer1 rule, because otherwise WebServer1 will NAT all ports to 192.168.1.9
09-13-2017 09:37 AM
Hey, do I understand correctly that the clients and the FTP server are both internal, in the 192.168.1.x subnet?
Can you show your DNAT rule?
09-13-2017 09:42 AM - edited 09-13-2017 09:49 AM
Thanks. Maybe I should create a source bi-directional rule. But I do not want to disturb regular traffic to 192.168.1.19.
FTP-IP1 = 192.168.1.9
Private = 192.168.1.19
09-13-2017 09:52 AM
You have to add source NAT to the rule as well.
Traffic must source from firewall internal IP.
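Why the same-subnet case needs source NAT while the cross-zone case does not, as an added example that is not part of the original posts: a small model of where the server's reply goes with and without source NAT. The firewall interface IP 192.168.1.1, the client 192.168.1.50 and the off-subnet client used in the check are assumptions made for the example; the other addresses come from the thread.

```python
import ipaddress

SUBNET = ipaddress.ip_network("192.168.1.0/24")  # internal zone from the thread
VIP = "192.168.1.9"       # generic FTP address (FTP-IP1 in the thread)
SERVER = "192.168.1.19"   # real FTP server (Private in the thread)
FW_IP = "192.168.1.1"     # assumed firewall interface IP, not given in the thread
CLIENT = "192.168.1.50"   # assumed same-subnet client, constructed for the example


def on_subnet(ip):
    return ipaddress.ip_address(ip) in SUBNET


def server_sees(client, snat):
    """Source address of the packet after the firewall's DNAT (VIP -> SERVER)
    and, if enabled, source NAT to the firewall's own interface address."""
    return FW_IP if snat else client


def reply_source_at_client(client, snat):
    """Source IP on the server's reply when it reaches the client."""
    reply_dst = server_sees(client, snat)
    if reply_dst == FW_IP:
        # Reply returns to the firewall, which matches its session and
        # reverses both translations: the client sees the VIP.
        return VIP
    if on_subnet(reply_dst):
        # Server delivers directly on the LAN; the firewall never sees the
        # reply, so the DNAT is not reversed.
        return SERVER
    # Assumption: the firewall is the server's gateway for other subnets,
    # so the reply crosses it and the DNAT is reversed.
    return VIP


def tcp_connects(client, snat):
    # The client sent its SYN to the VIP; a SYN-ACK from any other source
    # address matches no socket and is rejected.
    return reply_source_at_client(client, snat) == VIP


if __name__ == "__main__":
    for snat in (False, True):
        print(f"snat={snat}: reply from {reply_source_at_client(CLIENT, snat)},"
              f" FTP control connection ok={tcp_connects(CLIENT, snat)}")
```

Without source NAT the model returns 192.168.1.19 as the reply source, which matches the ping symptom reported in the first post.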
09-13-2017 10:19 AM
Thank you. Do you know if that would affect communications with clients that are currently connecting and using IP 192.168.1.19 directly?