NLB for FTP + Preserve client IP addresses

0

When I was looking for an FTP option for these rather old HMI systems, I opted for AWS Transfer Family. I found https://medium.com/@artem.hatchenko/aws-transfer-public-ftp-aea22d9e9eff and used it a few months ago. Today, in an effort to help improve the traceability and security, I am trying to preserve the client IP addresses and use them during the authentication process, which would provide a log and an ability to set up some WAF rate limiting to help with the brute-force attempts.

However, whenever I enable preserve client IP address on the NLB I can no longer connect to the FTP server. It times out. What am I missing about this that causes it to not connect any longer?

Mav
asked a month ago · 300 views
1 Answer
1

Hello.

What are the security group settings for AWS Transfer Family?
If you want to keep the client IP address, I think you need to configure the AWS Transfer Family security group to allow the IP address from the client.

So, how about setting up a security group in NLB and setting it to allow inbound rules of AWS Transfer Family's security group?
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-security-groups.html

EXPERT
answered a month ago
EXPERT
reviewed a month ago
  • The SG is set to allow 0.0.0.0/0

  • I forgot to say I only have 1 VPC and 1 SG. So it is in the same SG as the Transfer Family server.
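
The security-group point raised in the answer, as an added example that is not part of the original thread: a small model of which source address the target's security group evaluates with client IP preservation off and on, and which FTP ports it would then drop. The rule sets, IP addresses and function names are constructed for illustration, and the passive port range 8192-8200 is the AWS-documented Transfer Family range, not something stated in the thread.

```python
import ipaddress

# Assumption (AWS-documented, not stated in the thread): Transfer Family FTP
# uses control port 21 and passive data ports 8192-8200.
FTP_PORTS = [21] + list(range(8192, 8201))

def source_seen_by_target(client_ip, nlb_private_ip, preserve_client_ip):
    """Source address the target's security group evaluates."""
    return client_ip if preserve_client_ip else nlb_private_ip

def sg_allows(ingress_rules, src_ip, port):
    """True if a CIDR rule (boto3 IpPermissions shape) admits src_ip on port.
    Rules that reference other security groups are not modelled."""
    src = ipaddress.ip_address(src_ip)
    for rule in ingress_rules:
        proto = rule.get("IpProtocol")
        if proto == "tcp":
            if not rule["FromPort"] <= port <= rule["ToPort"]:
                continue
        elif proto != "-1":  # "-1" means all protocols and ports
            continue
        for r in rule.get("IpRanges", []):
            if src in ipaddress.ip_network(r["CidrIp"]):
                return True
    return False

def blocked_ports(ingress_rules, client_ip, nlb_private_ip, preserve_client_ip):
    """FTP ports the target security group would drop for this client."""
    src = source_seen_by_target(client_ip, nlb_private_ip, preserve_client_ip)
    return [p for p in FTP_PORTS if not sg_allows(ingress_rules, src, p)]

def tcp_rule(lo, hi, cidr):
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed rule sets (hypothetical VPC CIDR 10.0.0.0/16).
VPC_ONLY = [tcp_rule(21, 21, "10.0.0.0/16"), tcp_rule(8192, 8200, "10.0.0.0/16")]
CONTROL_ONLY = [tcp_rule(21, 21, "0.0.0.0/0"), tcp_rule(8192, 8200, "10.0.0.0/16")]
OPEN = [tcp_rule(21, 21, "0.0.0.0/0"), tcp_rule(8192, 8200, "0.0.0.0/0")]

CLIENT, NLB_NODE = "203.0.113.10", "10.0.1.25"  # constructed addresses

if __name__ == "__main__":
    for name, rules in [("VPC_ONLY", VPC_ONLY), ("CONTROL_ONLY", CONTROL_ONLY), ("OPEN", OPEN)]:
        for preserve in (False, True):
            print(name, "preserve =", preserve, "blocked:",
                  blocked_ports(rules, CLIENT, NLB_NODE, preserve))
```

A rule set that passes this check with preservation on, like the 0.0.0.0/0 rule described in the comments, means the timeout has to be traced elsewhere than the CIDR rules modelled here.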
