Hey Roberto,
Yes, there is a misconfiguration in both config snippets that you sent: frontend Frontend_FTP bind *:21 bind *:20000-20010 mode tcp option tcplog timeout client 1h default_backend HAProxy_BE backend HAProxy_BE mode tcp server HAProxy-Node-2 172.17.17.1:21<http://172.17.17.1:21/>check port 21 In your frontend, you are accepting connections on Port 21 and 20000-20010 But in your backends, you forward all connections to Port 21, even the data connections. I don’t know if you can configure HAProxy in a way to dynamically use the same port to the backend, that was used in the frontend. But I am not aware of such a feature. You could explicitly create all listeners for the data ports you use and explicitly forward them to the same port. Would not be beautiful config, but would work. Cheers Marno Am 15.04.2022 um 02:39 schrieb Roberto Carna <robertocarn...@gmail.com>: Dear all, I have to put to work an FTP server (Filezilla) in my backend network, as this: Internet -- Firewall -- HAProxy Frontend -- HAProxy Backend -- FTP server (passive mode) This is my configuration in my HAProxy FE: frontend Frontend_FTP bind *:21 bind *:20000-20010 mode tcp option tcplog timeout client 1h default_backend HAProxy_BE backend HAProxy_BE mode tcp server HAProxy-Node-2 172.17.17.1:21<http://172.17.17.1:21> check port 21 This is my configuration in my HAProxy BE: frontend Backend_FTP bind *:21 bind *:20000-20010 mode tcp option tcplog timeout client 1h default_backend FTP_Server backend FTP_Server mode tcp server HOST-FTP 10.12.1.4:21<http://10.12.1.4:21> check port 21 The FTP control session works OK, but the data session fails. Is there any error in the HAProxy configuration files from Frontend and Backend? Special thanks, regards!!!