NLB for FTP + Preserve client IP addresses

When I was looking for an FTP option for these rather old HMI systems, I opted for AWS Transfer Family. I found https://medium.com/@artem.hatchenko/aws-transfer-public-ftp-aea22d9e9eff and used it a few months ago. Today, in an effort to help improve the traceability and security, I am trying to preserve the client IP addresses and use them during the authentication process, which would provide a log and an ability to set up some WAF rate limiting to help with the brute-force attempts.

However, whenever I enable preserve client IP address on the NLB, I can no longer connect to the FTP server. It times out. What am I missing about this that causes it to not connect any longer?

Mav
asked a month ago · 300 views
1 Answer

Hello.

What are the security group settings for AWS Transfer Family?
If you want to keep the client IP address, I think you need to configure the AWS Transfer Family security group to allow the IP address from the client.

So, how about setting up a security group in NLB and setting it to allow inbound rules of AWS Transfer Family's security group?
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-security-groups.html

EXPERT
answered a month ago
EXPERT
reviewed a month ago
  • The SG is set to allow 0.0.0.0/0

  • I forgot to say I only have 1 VPC and 1 SG. So it is in the same SG as the Transfer Family server.
