NLB for FTP + Preserve client IP addresses


When I was looking for an FTP option for these rather old HMI systems, I opted for AWS Transfer Family. I found https://medium.com/@artem.hatchenko/aws-transfer-public-ftp-aea22d9e9eff and used it a few months ago. Today, in an effort to help improve the traceability and security, I am trying to preserve the client IP addresses and use them during the authentication process, which would provide a log and an ability to set up some WAF rate limiting to help with the brute-force attempts.

However, whenever I enable preserve client IP address on the NLB, I can no longer connect to the FTP server. It times out. What am I missing about this that causes it to not connect any longer?

Mav
asked a month ago, 300 views
1 Answer

Hello.

What are the security group settings for AWS Transfer Family?
If you want to keep the client IP address, I think you need to configure the AWS Transfer Family security group to allow the IP address from the client.

So, how about setting up a security group in NLB and setting it to allow inbound rules of AWS Transfer Family's security group?
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-security-groups.html

EXPERT
answered a month ago
EXPERT
reviewed a month ago
  • The SG is set to allow 0.0.0.0/0

  • I forgot to say I only have 1 VPC and 1 SG. So it is in the same SG as the Transfer Family server.
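
The security-group point raised in the answer, as an added example that is not part of the original thread: with client IP preservation off, the target sees the NLB node's private IP as the source; with it on, the target sees the client's own IP, so inbound rules scoped to the VPC stop matching. The rule sets, IP addresses and function names below are constructed for illustration, and the 8192-8200 passive range is the AWS Transfer Family FTP range, which the thread itself does not mention.

```python
import ipaddress

# FTP control port plus the Transfer Family passive data range (assumption: not stated in the thread).
FTP_PORTS = [21] + list(range(8192, 8201))


def rule_admits(rule, src_ip, port):
    """True if one IpPermissions entry admits TCP traffic from src_ip to port.

    Only CIDR rules (IpRanges) are evaluated; rules that reference another
    security group (UserIdGroupPairs) are ignored by this check.
    """
    proto = rule.get("IpProtocol")
    if proto not in ("tcp", "-1"):
        return False
    if proto == "tcp" and not (rule["FromPort"] <= port <= rule["ToPort"]):
        return False
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", []))


def blocked_ports(ip_permissions, src_ip, ports=FTP_PORTS):
    """Ports on which no inbound rule admits src_ip (empty list means all reachable)."""
    return [p for p in ports if not any(rule_admits(r, src_ip, p) for r in ip_permissions)]


# Constructed inbound rules in the shape returned by describe-security-groups.
VPC_ONLY_SG = [
    {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 8192, "ToPort": 8200,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]
CONTROL_OPEN_PASSIVE_VPC_SG = [
    {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8192, "ToPort": 8200,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]

NLB_NODE_IP = "10.0.1.25"   # source seen by the target with preservation off (constructed)
CLIENT_IP = "203.0.113.40"  # source seen by the target with preservation on (constructed)

if __name__ == "__main__":
    for name, sg in [("vpc-only", VPC_ONLY_SG), ("control-open", CONTROL_OPEN_PASSIVE_VPC_SG)]:
        print(name, "preservation off:", blocked_ports(sg, NLB_NODE_IP))
        print(name, "preservation on: ", blocked_ports(sg, CLIENT_IP))
```

A security group that already allows 0.0.0.0/0 on every port in `FTP_PORTS` returns an empty list for both sources, which rules this cause out.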
