04-24-2007 08:08 AM - edited 03-03-2019 04:41 PM
Hello,
I am having a routing problem with people trying to reach my FTP site from the outside. I have PAT in place for many computers on 1 ip address. I have also statically routed my outside ip address 38.100.6.xx 21 to my server ip address 192.168.0.xx 21 using nat, but no one is able to get through. I am using Windows IIS 6 for my FTP site and do not allow anonymous log-ins, but the log-in box does not pop up. I know it is a router problem because I have an old Linksys router that I switch with my Cisco Router and it allows access to the site. Unfortunately it is no longer stable which is why I upgraded to Cisco. Could someone please help? Listed below is my configuration.
interface FastEthernet4
ip address 38.x.x.x.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.0.243 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.1 20 38.100.6.74 20 extendable
ip nat inside source static tcp 192.168.0.1 21 38.100.6.74 21 extendable
!
access-list 1 permit 192.168.0.0 0.0.0.255
Solved! Go to Solution.
04-24-2007 10:15 AM
Dear,
How about the routing!!! what i understand is the server located behind the router and using vlan1 interface ip address as default gateway so the traffic arrived on the vlan1 interface which is has ip nat inside so the server will be NAT only if the traffic coming from vlan1 forward out Fastethernet4 OR if a traffic coming from F4 forwarded to FTP server, the configurations above has nothing wrong, so please provide us with more information about the routing begin used or with full snapshot of running-config.
Please rate helpful posts
Best Regards,
Mounir Mohamed
04-24-2007 12:15 PM
Internet access from inside works just fine right? Is this a personal firewall? Can you debug NAT? The config looks OK.
04-24-2007 09:36 AM
What ACL's do you have in place? Can you post the results of "show ip nat translations"?
04-24-2007 10:04 AM
Here is the list. Thanks in Advance for the help.
fmg#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 38.100.6.74:20 192.168.0.1:20 --- ---
tcp 38.100.6.74:21 192.168.0.1:21 --- ---
tcp 38.100.6.74:2112 192.168.0.10:2112 128.121.38.11:110 128.121.38.11:110
tcp 38.100.6.74:1267 192.168.0.12:1267 64.233.185.83:80 64.233.185.83:80
tcp 38.100.6.74:1494 192.168.0.12:1494 64.233.185.83:80 64.233.185.83:80
tcp 38.100.6.74:2867 192.168.0.13:2867 64.233.185.19:80 64.233.185.19:80
tcp 38.100.6.74:3102 192.168.0.13:3102 64.233.185.189:80 64.233.185.189:80
tcp 38.100.6.74:3570 192.168.0.13:3570 84.53.139.90:80 84.53.139.90:80
tcp 38.100.6.74:3678 192.168.0.13:3678 72.14.247.83:80 72.14.247.83:80
tcp 38.100.6.74:3887 192.168.0.13:3887 72.14.247.83:80 72.14.247.83:80
tcp 38.100.6.74:3898 192.168.0.13:3898 128.121.38.11:110 128.121.38.11:110
tcp 38.100.6.74:3900 192.168.0.13:3900 66.150.253.241:80 66.150.253.241:80
tcp 38.100.6.74:3902 192.168.0.13:3902 66.150.253.241:80 66.150.253.241:80
tcp 38.100.6.74:1832 192.168.0.16:1832 128.121.38.11:110 128.121.38.11:110
udp 38.100.6.74:1026 192.168.0.27:1026 66.28.0.45:53 66.28.0.45:53
tcp 38.100.6.74:1159 192.168.0.27:1159 205.234.224.42:554 205.234.224.42:554
tcp 38.100.6.74:1342 192.168.0.27:1342 84.53.139.43:80 84.53.139.43:80
tcp 38.100.6.74:3683 192.168.0.27:3683 72.14.209.99:80 72.14.209.99:80
tcp 38.100.6.74:3704 192.168.0.27:3704 65.54.195.185:80 65.54.195.185:80
tcp 38.100.6.74:3705 192.168.0.27:3705 65.54.195.185:80 65.54.195.185:80
tcp 38.100.6.74:3715 192.168.0.27:3715 84.53.139.18:80 84.53.139.18:80
tcp 38.100.6.74:3716 192.168.0.27:3716 84.53.139.18:80 84.53.139.18:80
tcp 38.100.6.74:3724 192.168.0.27:3724 84.53.139.139:80 84.53.139.139:80
--More--
04-24-2007 10:30 AM
How about ACL's? Any in place? Also you mentioned that you had a Linksys in place. What is your internet connection (DSL/Cable)?
04-24-2007 10:15 AM
Dear,
How about the routing!!! what i understand is the server located behind the router and using vlan1 interface ip address as default gateway so the traffic arrived on the vlan1 interface which is has ip nat inside so the server will be NAT only if the traffic coming from vlan1 forward out Fastethernet4 OR if a traffic coming from F4 forwarded to FTP server, the configurations above has nothing wrong, so please provide us with more information about the routing begin used or with full snapshot of running-config.
Please rate helpful posts
Best Regards,
Mounir Mohamed
04-24-2007 11:48 AM
I did not see any problem with the routing either which is why I am afraid I have missed something crucial. I have been working with this server for about 3 months now, but when trying to add the wireless and vpn capabilities to the router I made a mistake and had to reconfigure and now the FTP site won't allow access. Here is the current configuration listed below. I have not installed a firewall yet and only use ACL for nat currently. Here is my current configuration and if you can find something wrong and help me fix it I would be ecstatic.
04-24-2007 12:15 PM
Internet access from inside works just fine right? Is this a personal firewall? Can you debug NAT? The config looks OK.
04-24-2007 01:31 PM
Yes, internet inside works fine. I had my person outside the lan turn off their personal firewall. I would think it was a problem with my server except when I plug in my other router the FTP site works fine. I am not sure how to debug Nat and create output. I can enter term mon but that gives me lot of stuff. will that help.
05-01-2007 08:38 AM
Thank you everyone for looking at my configuration. I figured out what was wrong, and it was a silly error with the server not wanting to push out the FTP site.
Thanks Again.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: