Good morning.
I have an FTP problem, so I am asking about FTP and VPN.
I will briefly summarize the current situation.
0) First, the FTP server is set to a specific port, not ports 20 and 21, for security reasons.
1) Failure description:
Data communication failure through a VPN device: client (Windows) -> FTP server (Linux)
The connection to the FTP command port (specific port) was successful, but the connection to the data port used to transfer data (packets) for commands such as DIR (specific port or random port) failed.
2) Failure message:
200 PORT command successful. Consider using PASV. 425 Failed to establish connection.
3) What I tried:
I tried changing the mode of the FTP server (ACTIVE, PASSIVE); I verified that the data port changed on the server, but the same error occurred.
4) Workaround:
After allowing all of the client's listening ports in the firewall policy, the connection succeeded.
In conclusion, I think the problem is the data TCP port on the client side.
Here are the questions I would like to ask you.
1) I have used these ports without problems for more than 1 year, but I do not know what suddenly caused the problem.
The current "Fixed Receive Port" or "Port Range Limit" seems to be a roundabout method, and I wonder how to determine the cause.
Previously, why was the client's data receive port a particular port?
Or, I want to know whether the VPN device has failed and packets are coming in without going through the VPN.
2) Is it possible to use a fixed data receiving port?
(It is not enough to limit the TCP port range; the minimum limit is 255, and this is not possible by policy.)
The ideal situation, I think, is:
#1
server port: 50020 (data), 50021 (command)
client port: random ports (data, command), no firewall restrictions when using (going through) the VPN
#2
server port: 50020 (data), 50021 (command)
client port: 50010 ~ 50020 (data), 50021 (command)
If there is anything that is unclear, I will explain it at any time.
Please feel free to share your thoughts and how to check.
Thank you.
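The post above turns on which side of an FTP session opens the data connection: after a PORT command the client listens and the server connects back to it, after a PASV reply the server listens and the client connects out, and a 425 on the data connection names the endpoint that could not be reached. The script below is an added example, not code from the poster or from any FTP product mentioned above. It decodes PORT and 227 replies into the address and port (p1*256 + p2) that must be reachable, reads a control-channel transcript to say which side failed to connect to which endpoint, and subclasses Python's ftplib.FTP so that the client's active-mode listening socket is bound inside a chosen range (the 50010~50020 layout from option #2) instead of an arbitrary ephemeral port. The IP addresses, port numbers and transcript lines are constructed for the example; the server it would talk to is hypothetical.

```python
"""FTP data-connection bookkeeping for active (PORT) and passive (PASV) mode.

Added example. Addresses, ports and transcript lines below are constructed,
not captured from the poster's environment.
"""
import re
import socket
import ftplib

# Constructed control-channel transcripts: "> " is client -> server, "< " is
# server -> client. Both end in the 425 from the original post.
ACTIVE_TRANSCRIPT = [
    "> PORT 10,0,0,20,195,90",                          # client listens on 10.0.0.20:50010
    "< 200 PORT command successful. Consider using PASV.",
    "> LIST",
    "< 425 Failed to establish connection.",            # server could not reach the client
]
PASSIVE_TRANSCRIPT = [
    "> PASV",
    "< 227 Entering Passive Mode (10,0,0,5,195,100).",  # server listens on 10.0.0.5:50020
    "> LIST",
    "< 425 Failed to establish connection.",            # client could not reach the server
]


def parse_pasv(reply: str) -> tuple[str, int]:
    """Decode a 227 reply into (host, port); the port is p1*256 + p2.
    In passive mode the SERVER listens here and the CLIENT connects out."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def build_port_command(ip: str, port: int) -> str:
    """Encode the PORT command a client sends in active mode.
    Here the CLIENT listens and the SERVER connects back to ip:port, so every
    firewall and VPN hop in between must allow that inbound connection."""
    octets = ip.split(".")
    if len(octets) != 4 or not 0 < port < 65536:
        raise ValueError("IPv4 address and 1..65535 port required")
    return f"PORT {','.join(octets)},{port // 256},{port % 256}"


def data_endpoint_from_transcript(lines: list[str]) -> tuple[str, str, int]:
    """Return (mode, host, port) for the data endpoint that a 425 refers to:
    the most recent PORT (client listens) or 227 (server listens) before it."""
    mode = host = port = None
    for line in lines:
        if line.startswith("> PORT "):
            h1, h2, h3, h4, p1, p2 = (int(x) for x in line[len("> PORT "):].split(","))
            mode, host, port = "active", f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
        elif line.startswith("< 227"):
            mode, (host, port) = "passive", parse_pasv(line[2:])
        elif line.startswith("< 425"):
            if mode is None:
                raise ValueError("425 seen before any PORT or PASV")
            return mode, host, port
    raise ValueError("no 425 in transcript")


def open_active_listener(ports: range) -> socket.socket:
    """Bind a listening socket to the first free port in `ports`."""
    for p in ports:
        try:
            return socket.create_server(("", p), backlog=1)
        except OSError:
            continue
    raise OSError(f"no free port in {ports.start}..{ports.stop - 1}")


class RangeFTP(ftplib.FTP):
    """ftplib.FTP whose active-mode data socket is pinned to a port range,
    so a client-side firewall rule can be written for that range only.
    Hypothetical usage: RangeFTP(data_ports=range(50010, 50021))."""

    def __init__(self, *args, data_ports: range = range(50010, 50021), **kwargs):
        super().__init__(*args, **kwargs)
        self.data_ports = data_ports

    def makeport(self) -> socket.socket:
        # Same sequence as ftplib's makeport, but bind inside data_ports
        # instead of port 0 (an arbitrary ephemeral port). IPv4/PORT only.
        sock = open_active_listener(self.data_ports)
        port = sock.getsockname()[1]
        host = self.sock.getsockname()[0]   # control-connection source address
        self.sendport(host, port)           # sends PORT h1,h2,h3,h4,p1,p2
        if self.timeout is not socket._GLOBAL_DEFAULT_TIMEOUT:
            sock.settimeout(self.timeout)
        return sock
```

Run data_endpoint_from_transcript over a real client log to decide whether the unreachable endpoint is on the client (active) or the server (passive); in the post's case it is the client's listening port, so the next check is whether the server's connection to that port actually arrives through the VPN. The RangeFTP class needs a live FTP server; with `set_pasv(False)` it will always send a PORT inside data_ports, which is the fixed client range of option #2.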