NLB for FTP + Preserve client IP addresses

0

When I was looking for an FTP option for these rather old HMI systems, I opted for AWS Transfer Family. I found https://medium.com/@artem.hatchenko/aws-transfer-public-ftp-aea22d9e9eff and used it a few months ago. Today, in an effort to help improve the traceability and security, I am trying to preserve the client IP addresses and use them during the authentication process, which would provide a log and an ability to set up some WAF rate limiting to help with the brute force attempts.

However, whenever I enable preserve client IP address on the NLB, I can no longer connect to the FTP server. It times out. What am I missing about this that causes it to not connect any longer?

Mav
asked a month ago, 304 views
1 Answer
1

Hello.

What are the security group settings for AWS Transfer Family?
If you want to keep the client IP address, I think you need to configure the AWS Transfer Family security group to allow the IP address from the client.

So, how about setting up a security group in NLB and setting it to allow inbound rules of AWS Transfer Family's security group?
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-security-groups.html

EXPERT
answered a month ago
EXPERT
reviewed a month ago
  • The SG is set to allow 0.0.0.0/0

  • I forgot to say I only have 1 VPC and 1 SG. So it is in the same SG as the Transfer Family server.
