NLB for FTP + Preserve client IP addresses


When I was looking for an FTP option for these rather old HMI systems, I opted for AWS Transfer Family. I found https://medium.com/@artem.hatchenko/aws-transfer-public-ftp-aea22d9e9eff and used it a few months ago. Today, in an effort to help improve the traceability and security, I am trying to preserve the client IP addresses and use them during the authentication process, which would provide a log and the ability to set up some WAF rate limiting to help with the brute-force attempts.

However, whenever I enable "preserve client IP address" on the NLB, I can no longer connect to the FTP server. It times out. What am I missing about this that causes it to not connect any longer?

Mav
asked 19 days ago, 174 views
1 Answer

Hello.

What are the security group settings for AWS Transfer Family?
If you want to keep the client IP address, I think you need to configure the AWS Transfer Family security group to allow the IP address from the client.

So, how about setting up a security group in NLB and setting it to allow inbound rules of AWS Transfer Family's security group?
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-security-groups.html

EXPERT, answered 19 days ago
EXPERT, reviewed 18 days ago
  • The SG is set to allow 0.0.0.0/0

  • I forgot to say I only have 1 VPC and 1 SG. So it is in the same SG as the Transfer Family server.
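
The security-group check suggested in the answer can be run offline against exported rules. The following is an added example, not part of the original thread or of any AWS tooling: it shows which source address the target's security group evaluates with client IP preservation off (the NLB's private IP) and on (the client's own IP). The function names, sample rules and addresses are constructed, and the passive data port range 8192-8200 is an assumption about the Transfer Family FTP endpoint.

```python
import ipaddress

# Constructed sample, shaped like the IpPermissions list returned by
# `aws ec2 describe-security-groups`. It only allows the VPC CIDR.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 8192, "ToPort": 8200,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]

# FTP control port plus both ends of the assumed passive data port range.
FTP_PORTS = [21, 8192, 8200]


def source_seen_by_target(client_ip, nlb_private_ip, preserve_client_ip):
    """Address the target's security group sees as the packet source."""
    return client_ip if preserve_client_ip else nlb_private_ip


def allowed(rules, src_ip, port, protocol="tcp"):
    """True if any CIDR-based inbound rule admits src_ip on port.

    Rules that reference another security group are not evaluated here.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        proto = rule["IpProtocol"]
        if proto not in (protocol, "-1"):
            continue
        if proto != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        for ip_range in rule.get("IpRanges", []):
            if src in ipaddress.ip_network(ip_range["CidrIp"]):
                return True
    return False


def blocked_ports(rules, client_ip, nlb_private_ip, preserve_client_ip,
                  ports=FTP_PORTS):
    """Ports on which the connection is dropped, which a client sees as a timeout."""
    src = source_seen_by_target(client_ip, nlb_private_ip, preserve_client_ip)
    return [p for p in ports if not allowed(rules, src, p)]


if __name__ == "__main__":
    for preserve in (False, True):
        print(preserve, blocked_ports(SAMPLE_RULES, "203.0.113.10",
                                      "10.0.1.25", preserve))
```

An empty result for both modes means the CIDR rules are not what drops the connection.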
