Hi Marno & Roberto,
You can simply redirect to the matching frontend port by not specifying
a port in the backend, it will automatically hit the same port that was
used in the front-end connection. That should make for a much cleaner
configuration 😉
It's documented in section 2.5
<https://cbonte.github.io/haproxy-dconv/2.5/configuration.html#4.2-server>
if you want to read up on it.
So simply using the following backend should work :
backend HAProxy_BE
mode tcp
server HAProxy-Node-2 172.17.17.1 check port 21
Cheers,
Erwan
On 15/04/2022 09:10, Marno Krahmer wrote:
Hey Roberto,
Yes, there is a misconfiguration in both config snippets that you sent:
frontend Frontend_FTP
bind *:21
bind *:20000-20010
mode tcp
option tcplog
timeout client 1h
default_backend HAProxy_BE
backend HAProxy_BE
mode tcp
server HAProxy-Node-2 172.17.17.1:21
<http://172.17.17.1:21/>check port 21
In your frontend, you are accepting connections on Port 21 and 20000-20010
But in your backends, you forward all connections to Port 21, even the
data connections.
I don’t know if you can configure HAProxy in a way to dynamically use
the same port to the backend, that was used in the frontend.
But I am not aware of such a feature.
You could explicitly create all listeners for the data ports you use
and explicitly forward them to the same port.
Would not be beautiful config, but would work.
Cheers
Marno
Am 15.04.2022 um 02:39 schrieb Roberto Carna <robertocarn...@gmail.com>:
Dear all, I have to put to work an FTP server (Filezilla) in my
backend network, as this:
Internet -- Firewall -- HAProxy Frontend -- HAProxy Backend -- FTP
server (passive mode)
This is my configuration in my HAProxy FE:
frontend Frontend_FTP
bind *:21
bind *:20000-20010
mode tcp
option tcplog
timeout client 1h
default_backend HAProxy_BE
backend HAProxy_BE
mode tcp
server HAProxy-Node-2 172.17.17.1:21 <http://172.17.17.1:21>
check port 21
This is my configuration in my HAProxy BE:
frontend Backend_FTP
bind *:21
bind *:20000-20010
mode tcp
option tcplog
timeout client 1h
default_backend FTP_Server
backend FTP_Server
mode tcp
server HOST-FTP 10.12.1.4:21 <http://10.12.1.4:21> check port 21
The FTP control session works OK, but the data session fails.
Is there any error in the HAProxy configuration files from Frontend
and Backend?
Special thanks, regards!!!