Hello!
Of all the complex stuff we have accomplished with our SRX240s (chassis cluster, routing-instances, site2site VPNs, OSPF, VLANs on reth interfaces, etc.), I figured FTP would be trivial...
I've read through MANY of the posts relating to this issue, but still can't get it working!
The symptoms are: the initial connection is established (you can log in and change directories), but you cannot list or transfer files.
rmckennon@rmckennon:~$ ftp ftp.xyz.com
Connected to www.xyz.com.
220 (vsFTPd 3.0.2)
Name (ftp.xyz.com:rmckennon): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
425 Failed to establish connection.
ftp> cd pub
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
425 Failed to establish connection.
ftp> get large.img
local: large.img remote: large.img
200 PORT command successful. Consider using PASV.
425 Failed to establish connection.
ftp> quit
Of course it works fine if I don't go through the SRX.
Here are sections from my config:
SRX240
version 12.1X46-D15.3
security nat destination:
pool FTP {
    routing-instance {
        PRIVATE;
    }
    address 10.120.30.21/32 port 21;
}
rule FTP {
    match {
        destination-address xx.yy.zz.38/32;
        destination-port 21;
        protocol tcp;
    }
    then {
        destination-nat {
            pool {
                FTP;
            }
        }
    }
}
global address book:
address FTP 10.120.30.21/32;
from zone untrust to zone trust:
policy FTP {
    match {
        source-address any;
        destination-address FTP;
        application junos-ftp;
    }
    then {
        permit;
    }
}
rmckennon@peak10-juniper> show security alg status
ALG Status :
FTP : Enabled
What am I missing???
Rob McKennon